Interniche Command Reference Manual

InterNiche Command Reference Manual

Interniche Legacy Document

Version 1.00

Date: 11-May-2017 17:37

All rights reserved. This document and the associated software are the sole property of HCC Embedded. Reproduction or duplication by any means of any portion of this document without the prior written consent of HCC Embedded is expressly forbidden.

HCC Embedded reserves the right to make changes to this document and to the related software at any time and without notice. The information in this document has been carefully checked for its accuracy; however, HCC Embedded makes no warranty relating to the correctness of this document.

Table of Contents

CryptoEngine ______6 ce netstat ______7 DHCP Client ______8 dhcp lease ______9 dhcp netstat ______10 DHCP Server ______11 dhs_addrpool ______12 dhs_client ______13 dhs_enable ______14 dhs_ifcfg ______15 dhs_netstat ______16 DHCPV6 ______17 dhcpv6 lease ______18 dhcpv6 netstat ______19 DNS CLIENT ______20 dnsc ddnsupdt ______21 dnsc dnscstats ______22 dnsc getaddrinfo ______23 dnsc getnameinfo ______25 dnsc nslookup ______26 dnsc setdnssrv ______27 FTP Client ______28 FTP client commands ______30 HTTP Server ______33 http config ______34 http htdump ______35 http netstat ______36 IPSec and IKE ______37 ike commands ______38 ike debug ______39 ike flush ______40 ike netstat ______41 ike reload ______42 ike remote ______43 ipsec policy ______46 IPSec ______48 ipsec addsa ______49 ipsec delsa ______54 ipsec flush ______55 ipsec netstat ______56 IPv6 ______57 ipv6 rt6add ______58

ipv6 rt6del ______59 ipv6 rt6list ______60 ipv6 rt6man ______61 ipv6 rt6prfx ______62 Multicast ______63 igmp add ______64 igmp cfg ______66 igmp drop ______67 igmp mode ______69 igmp netstat ______70 igmp sock ______71 mld ______73 NAT ______77 nat natset ______78 nat natxip ______80 nat netstat ______81 PPP ______82 modem config ______83 modem dialer ______84 modem netstat ______85 ppp config ______86 ppp netstat ______88 ppp pdebug ______90 ppp plink ______91 ppp plnkcfg ______92 RIP ______94 rip config ______95 rip netstat ______96 rip ripauth ______97 rip riprefuse ______98 rip riproute ______99 SNMPv1/v2c ______101 snmp community ______102 snmp config ______104 snmp mib ______106 snmp netstat ______107 snmp target ______108 snmp trap ______109 SNMPv3 ______110 snmpv3 access ______111 snmpv3 authoid ______113 snmpv3 context ______114 snmpv3 group ______115 snmpv3 mibview ______116 snmpv3 notify ______117 snmpv3 tables ______118

snmpv3 taddr ______119 snmpv3 tparam ______120 snmpv3 username ______121 snmpv3 v3test ______123 SNTPv4 ______124 sntp netstat ______125 sntp sntpcfg ______126 sntp sntplog ______128 sntp sntpsync ______129 sntp sntpterm ______130 sntp sntptime ______131 SSH ______132 ssh cfgfwds ______133 ssh config ______134 ssh memstat ______135 ssh netstat ______136 ssh nosecurity ______137 Syslog ______138 syslog netstat ______139 syslog sendtest ______140 syslog server ______141 syslog syslog ______142 System ______143 chainbuff cbadd ______144 chainbuff cbdel ______145 cli call ______146 cli config ______147 cli echo ______148 cli help ______149 cli sleep ______150 net arp ______151 net buffers ______152 net bufstat ______153 net debug ______154 net dtrap ______155 net dyniface ______156 net gratarp ______157 net halt ______158 net iface ______159 net linkstats ______160 net mbufs ______161 net netstat ______162 net ping ______164 net queues ______166 net route ______167 net setip ______168

net status ______170 net tcpecho ______171 net tesvr ______173 net udpecho ______174 net uesvr ______176 net user ______177 TFTP ______179 tftp get ______180 tftp netstat ______181 tftp put ______182 tftp tfsrv ______183 Telnet ______184 telnet exit ______185 telnet logout ______186 telnet netstat ______187 Virtual File System ______188 vfs attribute ______189 vfs delete ______190 vfs directory ______191 vfs read ______192

1 CryptoEngine ce netstat - display CryptoEngine statistics and status

1.1 ce netstat

Command Name

ce netstat - display CryptoEngine statistics and status

Syntax

ce netstat

Parameters

None

Description

This command displays status information for the CryptoEngine module.

Location

This command is provided by the CryptoEngine module when USE_CRYPTOENG is defined.

2 DHCP Client

lease - Request the DHCP client to obtain/renew/release a lease dhcp netstat - display DHCP client, UPNP, AUTO-IP statistics and status

2.1 dhcp lease

Command Name

lease - Request the DHCP client to obtain/renew/release a lease

Syntax

lease -i UINT [-d | -l STRING]

Parameters

-i I Network interface number, 1 based

-d I Disable DHCP client

-l I Enable DHCP client and perform a lease function

Description

This command is used to enable or disable DHCP client functions for the specified network interface. The supported DHCP functions are:

new - request a new IP address from the DHCP server renew - renew an IP address lease release - release an IP address back to the DHCP server

Notes/Status

The -i parameter is required UPnP requires that DHCP_CLIENT be defined. AutoIP requires that USE_UPNP be defined.

Location

This command is provided by NET when DHCP_CLIENT is defined.

This command includes support for UPnP when USE_UPNPis defined.

This command includes support for AutoIP when USE_AUTOIPis defined.

2.2 dhcp netstat

dhcp netstat Command Name

dhcp netstat - display DHCP client, UPNP, AUTO-IP statistics and status

Syntax

dhcp netstat

Parameters

None

Description

This command displays statistics associated with the DHCP client module and also UPNP & AUTO-IP modules.

Note:

To display UPNP status and statistics USE_UPNP has to be defined.

To display AUTO-IP status and statistics USE_AUTOIP has to be defined.

When DHCP_CLIENT is defined USE_UPNP is required to be defined.

Location

This command is provided by the DHCP module when DHCP_CLIENT is defined.

3 DHCP Server

dhs_addrpool - configure an address pool dhs_client - configure parameters to be given to a specific DHCP client dhs_enable - enable/disable DHCP server dhs_ifcfg - configure default parameters to be delivered with addresses on this interface dhs_netstat - display DHCP Server statistics and parameters

3.1 dhs_addrpool

Command Name

dhs_addrpool - configure an address pool

Syntax

dhs_addrpool [-i ] {-l -h -s }

Parameters

Command without address parameters displays the current address pools for all or the specified interface

-i Command applies to the specified interface

-l lowest IP address in pool

-h highest IP address in pool

-s Subnet mask in IP addr format (dotted notation)

Description

This command is used to configure an address pool

Notes/Status

In order to configure an address pool, the '-l', '-h' and '-s' options must all be used. If the '-i' option is used, then the addresses in the pool will be given only to clients on the specified interface. The specified interface must already have a default configuration If the '-i' option is not used, then at least one interface must already have a default configuration

Location

This command is provided by the DHCP Server module when DHCP_SERVER is defined.

3.2 dhs_client

Command Name

dhs_client - Configure parameters to be given to a specific DHCP client

Syntax

dhs_client -c [-a ] [-i ] [-d ] [-g ] [-h ] [-l ] [-s ]

Parameters

-c string: usually the MAC address (include colons) of the client to be given these parameters

-a IP address to be given to this client

-i Interface number. Start with the default parameters for this interface. These may be modified by the other parameters

-d IP address of DNS server

-g IP address of gateway

-h Host name to be given to this client

-l Integer: lease in seconds

-s Subnet mask in IP addr format (dotted notation)

Description

This command is used to configure the parameters be given to a specific DHCP client when it makes a DHCP Request. A client configuration is saved both in an in-RAM client table and in a client table saved in persistent storage

Notes/Status

The '-c' parameter is required.

Location

This command is provided by the DHCP Server module when DHCP_SERVER is defined.

3.3 dhs_enable

Command Name

dhs_enable - Enable/Disable DHCP Server

Syntax

dhs_enable -d | -e

Parameters

-d Disable the DHCP Server

-e Enable the DHCP Server

Description

This command is used to enable/disable the DHCP Server.

Notes/Status

The DHCP Server cannot be enabled until at least one interface has been give default parameters and at least one address pool has been configured. Be default, it will be enabled as soon as this condition is met

Location

This command is provided by the DHCP Server module when DHCP_SERVER is defined.

3.4 dhs_ifcfg

Command Name

dhs_ifcfg - configure default parameters to be delivered with addresses on this interface

Syntax

dhs_ifcfg {-i [-d ] [-e ] [-g ] [-l ] [-n ] [-o ] [-s ]}

Parameters

dhs_ifcfg without parameters displays the current default paramters for all interfaces

-i Interface number

-d IP address of DNS server

-e string: enable "yes" or "no"

-g IP address of gateway

-l Default lease in seconds

-n Domain name

-o hexidecimal integer. Mask of acceptable options

-s Subnet mask in IP addr format (dotted notation)

Description

This command is used to configure the default parameters that will be included with each DHCP address given out on this interface.

Notes/Status

The file "dhs_port.h" contains system defaults for all parameters except '-i'. At least one interface must be configured before the DHCP server will be enabled. The minimum command is dhs_ifcfg -i At lease one address pool must also be configured before the DHCP Server will be enabled.

This command is provided by the DHCP Server module when DHCP_SERVER is defined.

3.5 dhs_netstat

Command Name

dhs_netstat - Display DHCP Server statistics and parameters

Syntax

dhs_netstat [-d] [-e ] [-l] [-p]

Parameters

Command without parameters displays statistics for the DHCP Server

-d List default parameters for all interfaces

-e Integer index of client entry. List parameters to be given to the specifed client

-l List addresses that have been assigned

-p Display free address pools

Description

This command is used to display DHCP Server statistics or to display the specified parameter list[s].

Notes/Status

The index needed with the '-e' option can be obtained from the list provided by a previous dhs netstat command that used '-l' option.

Location

This command is provided by the DHCP Server module when DHCP_SERVER is defined.

4 DHCPV6

Lease - request the DHCPv6 client to obtain/renew/confirm/release a lease dhcpv6 netstat - display DHCPv6 client statistics

4.1 dhcpv6 lease

Command Name

Lease - Request the DHCPv6 client to obtain/renew/confirm/release a lease

Syntax

lease [-i UINT ] [-d | -l STRING]

Parameters

-i Network interface number, 1 based. This is optional with interface 1 the default.

- Disable DHCPv6 client. Releases all DHCPv6 leased addresses back to the server removing d them from the interface. Prevents DHCPv6 from requesting an address because of a router advertisement.

-l Enable DHCPv6 client and perform a lease function.

Description

This command is used to enable or disable DHCPv6 client functions for the specified interface. This supported DHCPv6 functions are:

New - request a new IPv6 address for the DHCPv6 server Renew - renew an IPv6 address lease Confirm - confirm all IPv6 leased address; for example, can be used after disconnecting and reconnecting to the network. Release - release all IPv6 leased addresses back to the DHCPv6 server

Location

This command is provided by the DHCPv6 module when DHCPv6_CLIENT is defined.

4.2 dhcpv6 netstat

Command Name

dhcpv6 netstat - display DHCPv6 client statistics

Syntax

dhcpv6 netstat

Parameters

None

Description

This command displays statistics associated with the DHCPv6 client. It show the number of messages sent and received by type.

Location

This command is provided by the DHCPv6 module when DHCPv6_CLIENT is defined.

5 DNS CLIENT

ddnsupdt - Do Dynamic DNS update dnscstats - Display DNS client statistics getaddrinfo - Get list of IP addresses and/or port numbers for a hostname and service name getnameinfo - Convert a socket address structure to a hostname and service name nslookup - Find the IP address of a domain name setdnssrv - Add, delete, or display IP addresses from the table of DNS name servers

5.1 dnsc ddnsupdt

Command Name

ddnsupdt - Do Dynamic DNS update.

Syntax

ddnsupdt -a -o NAME -e IPADDRESS [-t TTL]

ddnsupdt -d -o NAME -e IPADDRESS

ddnsupdt -d -o NAME -v (4 | 6)

Parameters

-a add operation

-o name and domain for update

-e IPv4 or IPv6 address

-t Optional - time to live number

-d delete operation

-v address record type to delete; either 4 for "A" or 6 for "AAAA"

Description

Do Dynamic DNS update

When deleting a record one may specify either a specific address record by using -e or all records for the given name of type "A" or type "AAAA" by specifying -v 4 or -v 6.

For example: "ddnsupdt -d -o example.com -e 1.2.3.4" will delete the "A" record for the name example in the domain com with the address 1.2.3.4

For example: "ddnsupdt -d -o example.com -v 4" will delete all "A" records for the name example in the domain com

"ddnsupdt -a -o example.com -e 1.2.3.4 -t 600" will add an "A" record for the name example in the domain com with the address 1.2.3.4 and a TTL of 600. If this "A" record already exists then the TTL will be modified to 600.

Location

This is provided by the DNS module when DNS_CLIENT and DNS_CLIENT_UPDT are defined.

5.2 dnsc dnscstats

Command Name

dnscstats - Display DNS client statistics.

Syntax

dnscstats [-c ]

Parameters

-c Display the DNS client cache

Description

Display DNS client statistics. If -c is specified it will also display the DNS client cache

Sample output when the -c options was specified:

DNS Servers:68.87.76.178, 65.106.1.196, 0.0.0.0 Number entries in DNS Client cache: 2 protocol/implementation runtime errors: 0 requests sent: 2 updates sent: 0 replies received: 2 usable replies: 2 total retries: 0 timeouts: 0

DNS cache: name: www.something.com 111.222.333.444 Age: 8 seconds, Expires: 82103 seconds trys: 1, ID:4661, rcode:0, err:0 name: www.something.com 2001:1111:2222:3333::2 Age 84 seconds, Expires 77261 seconds trys: 1, ID:4660, rcode:0, err:0

Location

This is provided by the NET module when DNS_CLIENT, DNS_CLIENT, and NET_STATS are defined.

5.3 dnsc getaddrinfo

Command Name

getaddrinfo - Get list of IP addresses and/or port numbers for a hostname and service name

Syntax

getaddrinfo [-a ] [-s ] [-f ] [-p ] [-t ] [-v ]

Parameters

-a STRING: Either a domain name or, when used with the AI_NUMERICHOST flag, an IP address

-s STRING: Either a service name or, when used with the AI_NUMERICSERV flag, a port number

-f STRING: Hexidecimal string representing an OR of desired "AI_" flags (see dns.h)

-p STRING: "TCP" or "UDP". The returned port number must be valid for this protocol

-t INT: 1 = SOCK_STREAM, 2 = SOCK_DGRAM. The returned port number must be valid for this socket type

-v INT: 4 = IPv4, 6 = IPv6. Restrict responses to these address types

Description

This command is intended as an example/test for calls to the getaddrinfo() API. The getaddrinfo() function is defined in RFC 3493. It returns a list of IP addresses and/or port numbers for the specified hostname and/or service name. Getaddrinfo() is a replacement for gethostbyname(). It is thread-safe and provides more capabilities and flexability.

Notes/Status

Either -a or -s or both must be specified. The determination of port number for the -s parameter is based on the servtoportlist[] in dnsclnt. c. The default array is limited in size. Additional entries should be added as needed for a specific implimentation. For the -f option, the hexidecimal string must be an OR of one of the "AI_" flags defined in dns. h. Note that these are not the same as the "NI_" flags defined for getnameinfo. The meaning of each flag is defined in RFC 3493. The hexidecimal number may be optionally proceded by a "0x" and it may optionally have a leading zero, e.g., 0x03, 0x3, or 3 are all valid The -p and -t parameters apply only to the service name returned. If both are used, they must correspond, e.g., an error will be returned if a protocol of TCP and a sock type of SOCK_DGRAM are specified. The getaddrinfo() function returns a pointer to an array of addrinfo structures (defined in dns.h), with one structure for each address returned. Normally after a return from getaddrinfo(), the calling application would use the information in the structures as needed and then call freeaddrinfo() to free the array of structures. For this command, the information in the returned structures is displayed by the dump_addrinfo() function and then the array of structures is freed via freeaddrinfo() The AI_V4MAPPED flag is not currently supported. The getaddrinfo() command does not currently support IP_V6 scope IDs other then "1"

Location

This command is provided by the NET module when DNS_CLIENT, DNSC_MENUS and DNSC_GETADDRINFO are defined.

5.4 dnsc getnameinfo

Command Name

getnameinfo - Convert a socket address structure to a hostname and service name

Syntax

getnameinfo [-a ] [-p ] [-f ]

Parameters

-a IPv4/6 address of host whose domain name should be returned

-p port number for the service whose name should be returned

-f STRING: Hexidecimal string representing an OR of desired NI_ flags (see dns.h)

Description

This command is intended as an example/test for calls to the getnameinfo() API. (See getnameinfo() in the NicheStack Reference manual.) The getnameinfo() function is defined in RFC 3493. It converts a sockaddr structure to a pair of host name and service stings. It is the converse of the getaddrinfo function.

Notes/Status

Either -a or -p or both must be specified. The determination of service name for the port number specified by the -p parameter is based on the servtoportlist[] array that is defined in dnsclnt.c. The default array is limited in size. Additional entries should be added as needed for a specific implimentation. For the -f option, the hexidecimal string must be an OR of one of the "NI_" flags defined in dns. h. Note that these are not the same as the "AI_" flags defined for getaddrinfo. The meaning of each flag is defined in RFC 3493. The hexidecimal number may be optionally proceded by a "0x" and it may optionally have a leading zero, e.g., 0x03, 0x3, or 3 are all valid

Location

This command is provided by the NET module when DNS_CLIENT, DNSC_MENUS and DNSC_GETADDRINFO are defined.

5.5 dnsc nslookup

Command Name

nslookup - Find the IP address of a domain name

Syntax

nslookup -a STRING [ -r | -t | -y]

Parameters

-a STRING: Either a domain name or, when used with -r, an IP address

-r Perform a reverse nslookup of the domain name (IP4 only)

-t Display the TXT records of the domain name

-y Display the IPv6 records of the domain name

Description

This command calls DNS servers or relies on the stack's cache to retrieve the IP address records or TXT records for a domain name, such as "www.iniche.com." If no record type is specified, the A records (IPv4 addresses) are displayed. If '-y' is specified, the AAAA records (IPv6 addresses) are displayed. If '-t' is specified, the TXT records are displayed. If '-r' is specified, a reverse nslookup of an IPv4 address is performed.

Notes/Status

'-r', '-t', '-y' are mutually exclusive. The setdnssrv command can be used to initialize the DNS Server addresses used in the DNS query. The newer commands getaddrinfo and getnameinfo provide additional options for specifying exactly which set of records to return

Location

This command is provided by the DNS module when DNS_CLIENT and DNS_MENUS are defined.

5.6 dnsc setdnssrv

Command Name

setdnssrv - Add, delete, or display IP addresses from the table of DNS name servers.

Syntax

setdnssrv

setdnssrv -a [-i ]

setdnssrv -d -i

Parameters

-a Argument of type IPv4 address, indicating address of a DNS nameserver to add

-d No parameters

-i Argument of type number (1 - n), indicating index of a nameserver to add or delete

Description

Add, delete, or display IP addresses from the table of DNS name servers

Notes/Status

'-a' and '-d' arguments are mutually exclusive. The '-i' argument is required with '-d' Command without arguments displays the current state of the DNS server table

Sample output, when there is already a nameserver at index 1:

-> setdnssrv -i 2 -a 10.0.0.1 DNS servers: 10.0.0.226 10.0.0.1

Notes/Status

Location

This command is provided by the DNS module when DNS_CLIENT and DNS_MENUS are defined.

6 FTP Client

FTP client commands - Collection of FTP client menus

6.1 FTP client commands

Command Name

FTP client commands - Collection of FTP client menus

Description

For reasons explained in the Notes section, FTP client commands exist as individual menus, rather than members of an overall FTP client menu. For this reason, it is often necessary to type FTP in front of the command name in order to disambiguate it from another command, e.g., you must type "FTP put", rather than simply "put".

Syntax

open open an FTP connection to an FTP server

open -a -u [-p ]

ascii Use ASCII transfer mode

ascii - No parameters

binary Use binary transfer mode

binary - No parameters

cd Change directory on the server

cd -d

get GET a file (transfer file from server directory)

get -f [-d ]

hash Enable/disable hash mark printing

hash -d | -e

ls List files in the server directory

ls - No parameters

pasv Set FTP server to passive mode

pasv - No parameters

put Put a file (transfer file to server directory)

put -f [-d ]

pwd Print the working directory

pwd - No parameters

quit Close the FTP session and connection

quit - No parameters

verbose Enable/disable verbose mode

verbose -d | -e

state Display FTP client state

state - No parameters

log Enable/disable logging

log -d | -e

Parameters

- Argument of type IPADDR specifying the IP address of the server. IP4 addresses use dotted a notation. IP6 addresses use colon notation

-d hash, verbose, and log commands: disable - no argument get and put commands: name to be given to the file on the distination server - Argument of type STRING

-e hash, verbose, and log commands: enable - no argument

-f get and put commands - Argument of type STRING specifing an abosolute path to the file

- Argument of type STRING specifying a password p

- Argument of type STRING specifying a username u

Notes/Status

The NicheStack CLI interface requires all command options to use the format -X . Because each FTP client command is identified by a multi-character name, each requires a separate menu. All FTP client commands except "open" require an existing FTP connection to the FTP server. The log command is available only if FC_LOG is defined.

Location

These commands are provided by the FTP module module when FTP_CLIENT is defined.

7 HTTP Server

http config - display or modify http server configuration http htdump - dump contents of httpd structure(s) http netstat - display HTTP Server statistics and status

7.1 http config

Command Name

http config - display or modify http server configuration

Syntax

http config [-d | -e] [-i ] [-m ] [-n ] [-p ][-r ] [-t ] [-w ]

Parameters

(none) Command without arguments displays the current state of http configuration parameters

-d Disables the HTTP Server.

-e Enables the HTTP Server.

-i Integer: idle timeout in seconds for persistent connections

-m Max bytes HTTP will transmit without yielding

-n Integer: idle timeout in seconds for non-persistent connections

-p Argument of type string sets the HTTP root path.

-r HTTP Receive buffer size in bytes. Range: 512-16384 bytes

-t HTTP Transmit buffer size in bytes. Range: 512-16384 bytes

-w Argument of type string sets the default web page.

Description

This command displays or sets http configuration parameters

Notes/Status

An attempt to re-enable the HTTP Server (-e option) within 15 seconds of disabling it, may not be successive. Repeating the command after a few seconds should succeed. The -i option is only available if HT_PERSISENT is defined. Normally it will be defined. For the -i and -n options, an argument of '0' represents an infinite timeout.

Location

This command is provided by the httpsvr module when HTTPSVR is defined.

7.2 http htdump

Command Name

htdump - dump contents of httpd structure(s)

Syntax

htdump [-a] [-f] [-r] [-s] [-u] [-w]

Parameters

Command without arguments dumps all fields for all active httpd structures.

-a Dump all active httpd structures.

-f Dump all form information.

-r Dump content of request(httpfinfo structure)(s).

-s Dump content of httpsockinfo structure(s).

-u Dump content of uploadfile structure(s).

-w Dump http structure for the calling web application.

Description

This command dumps all or the requested field(s) from the httpd structures of the active http connections. The options may be combined. For example, you can dump the form and request information for each active http connection (-f -r).

Notes/Status

A struct httpd is allocated when a connection is made to the HTTP server and freed when the connection is closed. A struct httpd has pointers to several substructures that are allocated as needed. The -w option can only be used when htdump is called from a web application. Unless the -w option is specified, the information will be displayed for all active connections.

Location

This command is provided by the httpsvr module when HTTPSVR is defined.

7.3 http netstat

Command Name

http netstat - display HTTP Server statistics and status

Syntax

http netstat

Parameters

This command takes no arguments

Description

This command displays status information for the httpsvr module.

Location

This command is provided by the httpsvr module when HTTPSVR is defined.

8 IPSec and IKE

ike commands - print the configuration in the form of command lines ike debug - enable IKE debug logging and tracing ike flush - flush IKE SAs and remote configuration database ike netstat - display IKE sessions and remote configuration database ike reload - reloads configuration and restarts ike ike remote - add, delete, and view IKE remote peer configuration information ipsec policy - add, delete, and view IKE and IPSEC policy database information

8.1 ike commands

Command Name

ike commands - print the configuration in the form of command lines

Syntax

ike commands [-f filename]

Parameters

-f filename for output

Description

This command prints the running configuration of "ike remote" and "ipsec policy" configuration commands. The commands will be formatted so that they could be used as input at startup, for example using the IKE_SCRIPT_FILE defined in ipport.h, ike_rc by default.

Notes/Status

#define IKE_DUMP_CMD_FILE "ike_dump_cmds.txt"

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.2 ike debug

Command Name

ike debug - enable IKE debug logging and tracing

Syntax

ike debug [-t] [-d]

Parameters

-t turn on ike debug tracing

-d turn on ike debugging

Description

This command enables or disables IKE related debugging output. If no parameters are provided debugging is turned off.

Notes/Status

The image must be built with IKE_DEBUG_TRACE enabled in ipport.h for "-t" to be available. The image must be built with IKE_DEBUG enabled in ipport.h for "-d" to be available.

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.3 ike flush

Command Name

ike flush - flush IKE SAs and remote configuration database

Syntax

ike flush {-p <1 | 2 | 3>} {-r [-n ]}

Parameters

-p flush all IKEv1 Phase 1 (-p 1) or Phase 2 (-p2 ) SAs or all IKEv2 SAs (-p 3).

-r flush contents of IKE remote configuration database.

-n name of remote peer as it appears in the remote peer database

Description

This command flushes IKEv1 Phase 1 and Phase 2 SAs and IKEv2 SAs, and remote configuration database.

Notes/Status

If no options are given then all SAs for both IKEv1 and IKEv2 are deleted and all remote peer information is deleted. The -n option is only intended for use with the -r option.

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.4 ike netstat

Command Name

ike netstat - display IKE sessions and remote configuration database

Syntax

ike netstat [-p <1 | 2 | 3>] [-r [-n ]]

Parameters

-p display information about IKEv1 Phase 1 or 2 session(s) or -p 3 implies IKEv2 SA.

-r display contents of IKE remote configuration database.

-n Name in remote configuration database.

Description

This command displays information about Security Assocications, SA(s). IKEv1 Phase 1 session(s), IKEv1 Phase 2 session(s), IKEv2 SA(s), and remote configuration database.

Notes/Status

When no options are specified, this function displays information about IKEv1 Phase 1 session (s), IKEv1 Phase 2 session(s), IKEv2 SA(s), and remote configuration database. "-p 3" implies IKEv2 SA(s). The -n option is only intended for use with the -r option.

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.5 ike reload

Command Name

ike reload - reloads configuration and restarts ike

Syntax

ike reload

Parameters

None

Description

This command flushes IKEv1 Phase 1 and Phase 2 SAs and IKEv2 SAs, and remote configuration database. Then it restarts IKE reading the configuration command file.

Notes/Status

The IKE configuration file is defined in ipport.h, IKE_SCRIPT_FILE as ike_rc by default. This file can contain any iniche commands and is executed after IKE starts and after a small delay to allow interfaces to acquire IP addresses.

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.6 ike remote

Command Name

ike remote - add, delete, and view IKE remote peer configuration information

Syntax

ike remote {-n -a [-b] [-c] -d -e -f -g [-h] [-i] [-l] -m -n -p -r -s [-u] [-w] -z} ike remote {-v [-n ]} ike remote {-x }

Parameters

-a authentication protocol list, ike version 1 supports

MD5 SHA

and ike version 2 supports

HMAC-MD5 HMAC-SHA-1 HMAC-SHA-2-256 HMAC-SHA-2-384 HMAC-SHA-2-512

-b peer's X.509 certificate

-c local end's X.509 certificate(s) (to be sent to remote peer)

-d dh group algorithm list

MODP768 MODP1024 MODP1536 MODP2048 MODP3072 MODP4096 MODP6144 MODP8192

-e encryption protocol list

3DES-CBC AES128-CBC AES192-CBC AES256-CBC NULL_ENC

-f identifier (expected from remote peer)

-g identifier (to be sent to remote peer)

-h the filename that contains the passphrase for PSK

-i interval_to_send -- retransmission interval

-l IKE SA lifetime

-m auth method algorithm

PresharedKey RSASIG

-n remote name

-p prf algorithm list

HMAC-MD5 HMAC-SHA-1 HMAC-SHA-2-256 HMAC-SHA-2-384 HMAC-SHA-2-512

-r remote endpoint

-u accept this version (can be configured to accept both ikev1 and ikev2)

-v view remote -- all policies will be displayed unless used with -n

-w initiate this version (only one version can be initiated, ikev1 or ikev2)

-x delete remote with given name or ALLREMOTES

-z version to configure in this command

Description

This command will add, delete, and view IKE remote peer configuration information. The parameters are used to negotiate the algorithms to be used to establish secure communications for the exchange of IPSEC parameters and algorithms. The algorithms used by IKE could be different than those negotiated for use by IPSEC. In particular the IKEv1 authentication algorithms are more limited than the IKEv2 algorithms.

Notes/Status

The -x option will delete a given remote or all remotes if "-x ALLREMOTES" is used. The -v option will display a given remote or all remotes if no -n parameter is given. Deleting a remote peer does not delete any Security Association (SAs) currently in use. Here are example CLI commands. These commands could appear together as they represent logically different remotes. The first two examples configure both IKEv1 and IKEv2 to the same remote peer, but only IKEv2 would be initiated to the remote while either IKEv1 or IKEv2 would be accepted. Notice that the algorithm lists can be different. Example 3 and 4 are similar but use IPv6 addresses. The names of the remotes are only used internally and do not reflect DNS name. Each policy command must reference a remote configured with the remote command. 1. IKEv2 [-z 2]: initiate using IKEv2 [-w] and accept, that is respond to, IKEv2 [-u], use presharedkey [-m PSK] with the shared secret "secret" [-h secret]

remote -n mongo -z 2 -w -u -a HMAC-MD5 -e 3DES-CBC -d MODP2048,MODP1024 -p HMAC-MD5 -m PSK -h secret

-r 10.0.0.76 -f ipv4:10.0.0.76 -g ipv4:10.0.0.140

2. IKEv1 [-z 1]: do not initiate using IKEv1 [there is no -w] and accept, that is respond to, IKEv1 [-u], use presharedkey [-m PSK] with the shared secret "secret" [-h secret]

remote -n mongo -z 1 -u -a SHA -e 3DES -d MODP1024 -p MD5 -m PSK -h secret

-r 10.0.0.76 -f ipv4:10.0.0.76 -g ipv4:10.0.0.140

3. IKEv2 [-z 2]: initiate using IKEv2 [-w] and accept, that is respond to, IKEv2 [-u], use presharedkey [-m PSK] with the shared secret "secret" [-h secret]

remote -n mongoV6 -z 2 -w -u -a HMAC-MD5 -e 3DES -d MODP2048,MODP1024 -p MD5 -m PSK -h secret

-r fe80::0240:f4ff:feed:8b77 -f ipv6:fe80::0240:f4ff:feed:8b77 -g ipv6:fe80::862b:2bff:fe88:2662

4. IKEv1 [-z 1]: do not initiate using IKEv1 [there is no -w] and accept, that is respond to, IKEv1 [-u], use presharedkey [-m PSK] with the shared secret "secret" [-h secret]

remote -n mongoV6 -z 1 -u -a SHA -e 3DES -d MODP1024 -p MD5 -m PSK -h secret

-r fe80::0240:f4ff:feed:8b77 -f ipv6:fe80::0240:f4ff:feed:8b77 -g ipv6:fe80::862b:2bff:fe88:2662

Location

This command is provided by the IKEv2 module when IKEv2 is defined.

8.7 ipsec policy

Command Name

ipsec policy - add, delete, and view IKE and IPSEC policy database information

Syntax

ipsec policy {-n -a [-c] -d -e -g [-h] [-k ] [-l] -m -n -p -r -s -t [-y]} ipsec policy {-v [-n ]} ipsec policy {-x }

Parameters

-a authentication protocol list

-c enable/disable inclusion of TFC padding in outgoing packets -- optional

-d destination id

-e encryption protocol list

-g remote name

-h short ICV length (for SHA2-xxx family) -- optional

-k IPSEC SA lifetime -- default is 3600, applies only when used with IKE

-l priority (1(highest)...7(lowest)) -- default is 4

-m IPsec mode (transport or tunnel)

-n policy name

-p upper-layer protocol -- one of udp, tcp, icmp, icmp6, or any

-r remote endpoint

-s source id string

-t SA type -- AH, ESP, or AHESP

-v view policy -- all policies will be displayed unless used with -n

-x delete policy with given name or ALLPOLICIES

-y enable transmission of dummy packets -- optional

Description

This command will add, view, and display IKE and IPSEC policy database information.

Notes/Status

The -x option will delete a given policy or all policies if "-x ALLPOLICIES" is used. The -v option will display a given policy or all policies if no -n parameter is given. Higher priority policies (as indicated by the -l option) will be used when the packet matches more than one policy. For example, a policy to match and bypass UDP traffic to port 500 (the IKE port) should typically be given higher priority than a policy to secure UDP traffic to other ports. This allows the IKE protocol which uses port 500 to establish SAs for other UDP traffic. The bypass policy for IKE traffic is installed by default at priority level 2 when IKE is enable. Here are example CLI commands; however the commands must be on a single line. 1. ESP-only, transport mode, authentication (SHA1), encryption (3DES), udp protocol, IPv4

ipsec policy -n Policy1 -g mongo -c -h -l 4 -p udp -m transport -t ESP

-a HMAC-SHA-1 -e 3DES-CBC -r 10.0.0.76 -s 10.0.0.140 -d 10.0.0.76

2. ESP-only, transport mode, authentication (MD5 or SHA1) and encryption (NULL or 3DES or AES128), udp protocol, IPv4

ipsec policy -n Policy1 -g mongo -c -h -l 4 -p udp -m transport -t ESP

-a HMAC-MD5,HMAC-SHA-1 -e NULL_ENC,3DES-CBC,AES128-CBC -r 10.0.0.76 -s 10.0.0.140 -d 10.0.0.76

3. ESP-only, tunnel mode, encryption (3DES) and authentication (MD5), tcp protocol, IPv4

policy -n Policy2 -g mongo -t ESP -a HMAC-MD5 -e 3DES-CBC -m transport -p tcp -r 10.0.0.76 -s 10.0.0.140 -d 10.0.0.76

4. ESP-only, transport mode, encryption (3DES) and authentication (MD5), udp protocol, IPv6

policy -n Policy1V6 -g mongoV6 -t ESP -a HMAC-MD5 -e 3DES-CBC -m transport -p udp -r fe80::0240:f4ff:feed:8b77

-s fe80::862b:2bff:fe88:2662 -d fe80::0240:f4ff:feed:8b77

5. ESP-only, transport mode, encryption (AES128) and authentication (SHA), tcp protocol, IPv6

policy -n Policy2V6 -g mongoV6 -t ESP -a HMAC-SHA-1 -e AES128-CBC -m transport -p tcp -r fe80::0240:f4ff:feed:8b77

-s fe80::862b:2bff:fe88:2662 -d fe80::0240:f4ff:feed:8b77

Location

This command is provided by the IPsec module when IPSEC and IKEv2 are defined.

9 IPSec

ipsec addsa - add IPSec security association ipsec delsa - delete IPSec security association ipsec flush - flush IPsec security association and/or policy database ipsec netstat - display IPsec security association and/or policy database

9.1 ipsec addsa

Command Name

ipsec addsa - add IPSec security association

Syntax

ipsec addsa {-a -b -c} {-e -f -g} {-m -p -r -s -d} {-w -x -y -z}

Parameters

-a authentication protocol.

-b incoming authentication key>

-c outgoing authentication key.

-e encryption protocol.

-f incoming encryption key.

-g outgoing encryption key.

-m IPsec mode (transport or tunnel).

-p protocol number.

-r remote endpoint.

-s source id string.

-d destination id string.

-w incoming ESP SPI.

-x outgoing ESP SPI.

-y incoming AH SPI.

-z outgoing AH SPI.

Description

This command adds an IPsec security association with the specified parameters.

Notes/Status

Here are example CLI commands that illustrate the configuration of ESP-only, AH-only, and ESP+AH static security associations. Each example contains two CLI commands, one for each of the two InterNiche TCP/IP stacks being used to establish a secure connection. The AES and 3DES privacy algorithms can be specified via "AES" and "3DES" respectively. The SHA2 family of authentication algorithms are identified via the following names: "SHA256", "SHA384", and "SHA512". 1. ESP-only, transport mode, encryption (DES-CBC) and authentication (SHA1), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-e DES -f 00000000ffffffff -g 00000000eeeeeeee -m transport -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-e DES -f 00000000eeeeeeee -g 00000000ffffffff -m transport -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee

2. ESP-only, tunnel mode, encryption (DES-CBC) and authentication (SHA1), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-e DES -f 00000000ffffffff -g 00000000eeeeeeee -m tunnel -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-e DES -f 00000000eeeeeeee -g 00000000ffffffff -m tunnel -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee

3. ESP-only, transport mode, encryption (DES-CBC) and authentication (MD5), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -e DES

-f 00000000ffffffff -g 00000000eeeeeeee -m transport -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -e DES

-f 00000000eeeeeeee -g 00000000ffffffff -m transport -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-x 0xeeeeeeee -w 0xffffffff

4. ESP-only, tunnel mode, encryption (DES-CBC) and authentication (MD5), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -e DES

-f 00000000ffffffff -g 00000000eeeeeeee -m tunnel -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -e DES

-f 00000000eeeeeeee -g 00000000ffffffff -m tunnel -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee

5. AH-only, transport mode, authentication (MD5), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -m transport

-p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112 -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -m transport

-p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114 -y 0xffffffff -z 0xeeeeeeee

6. AH-only, tunnel mode, authentication (MD5), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -m tunnel

-p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112 -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -m tunnel

-p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114 -y 0xffffffff -z 0xeeeeeeee

7. AH-only, transport mode, authentication (SHA1), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-m transport -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112 -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-m transport -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114 -z 0xeeeeeeee -y 0xffffffff

8. AH-only, tunnel mode, authentication (SHA1), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-m tunnel -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112 -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-m tunnel -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114 -z 0xeeeeeeee -y 0xffffffff

9. ESP+AH, transport mode, encryption (DES-CBC) (with ESP), authentication (MD5) (with AH), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -e DES

-f 00000000ffffffff -g 00000000eeeeeeee -m transport -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -e DES

-f 00000000eeeeeeee -g 00000000ffffffff -m transport -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee -y 0xffffffff -z 0xeeeeeeee

10. ESP+AH, tunnel mode, encryption (DES-CBC) (with ESP), authentication (MD5) (with AH), all protocols ("any"), IPv4

ipsec addsa -a MD5 -b 000000000000000000000000bbbbbbbb -c 000000000000000000000000aaaaaaaa -e DES

-f 00000000ffffffff -g 00000000eeeeeeee -m tunnel -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a MD5 -b 000000000000000000000000aaaaaaaa -c 000000000000000000000000bbbbbbbb -e DES

-f 00000000eeeeeeee -g 00000000ffffffff -m tunnel -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee -y 0xffffffff -z 0xeeeeeeee

11. ESP+AH, transport mode, encryption (DES-CBC) (with ESP), authentication (SHA1) (with AH), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-e DES -f 00000000ffffffff -g 00000000eeeeeeee -m transport -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-e DES -f 00000000eeeeeeee -g 00000000ffffffff -m transport -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee -y 0xffffffff -z 0xeeeeeeee

12. ESP+AH, tunnel mode, encryption (DES-CBC) (with ESP), authentication (SHA1) (with AH), all protocols ("any"), IPv4

ipsec addsa -a SHA -b 00000000000000000000000000000000bbbbbbbb -c 00000000000000000000000000000000aaaaaaaa

-e DES -f 00000000ffffffff -g 00000000eeeeeeee -m tunnel -p 0 -r 10.0.0.112 -s 10.0.0.114 -d 10.0.0.112

-w 0xeeeeeeee -x 0xffffffff -y 0xeeeeeeee -z 0xffffffff

ipsec addsa -a SHA -b 00000000000000000000000000000000aaaaaaaa -c 00000000000000000000000000000000bbbbbbbb

-e DES -f 00000000eeeeeeee -g 00000000ffffffff -m tunnel -p 0 -r 10.0.0.114 -s 10.0.0.112 -d 10.0.0.114

-w 0xffffffff -x 0xeeeeeeee -y 0xffffffff -z 0xeeeeeeee

Location

This command is provided by the IPsec module when IPSEC is defined.

9.2 ipsec delsa

Command Name

ipsec delsa - delete IPSec security association

Syntax

ipsec delsa -d -p -s

Parameters

-d destination id string.

-p protocol number.

-s source id string.

Description

This command deletes a security association with the specified source id string, destination id string, and protocol number.

Location

This command is provided by the IPsec module when IPsec is defined.

9.3 ipsec flush

Command Name

ipsec flush - flush IPsec security association and/or policy database

Syntax

ipsec flush -a -c -p

Parameters

-a flush IPsec security association and security policy databases.

-c flush IPsec security association database.

-p flush IPsec security policy database.

Description

This command flushes IPsec security association and/or security policy databases.

Location

This command is provided by the IPsec module when IPsec is defined.

9.4 ipsec netstat

Command Name

ipsec netstat - display IPsec security association and/or policy database

Syntax

ipsec netstat -c -p

Parameters

-c display information about IPsec security associations.

-p display information about IPsec security policies.

Description

This command displays information about IPsec security associations and/or security policies.

Notes/Status

When no options are specified, this command displays information about IPsec security associations and security policies.

Location

This command is provided by the IPsec module when IPsec is defined.

10 IPv6

rt6add - Create an IPv6 route table entry rt6del - Delete an IPv6 route table entry rt6list - List current IPv6 routes table rt6man - Manage IPv6 router rt6prfx - Set router prefixes

10.1 ipv6 rt6add

Command Name

rt6add - Create an IPv6 route table entry

Syntax

rt6add -a %/ -b %

Parameters

-a Argument of type IPv6 address, indicating the destination address.

-b Argument of type IPv6 address, indicating the next hop address.

Description

This command rt6add will create an IPv6 route table entry.

is a global unicast IPv6 address.

is the scope ID (1, 2, etc) of the interface of the address.

is the prefix length of the address.

Location

This command is provided by the IPv6 module when IP_V6 is defined.

10.2 ipv6 rt6del

Command Name

rt6del - Delete an IPv6 route table entry

Syntax

rt6del -a %/

Parameters

-a Argument of type IPv6 address, indicating the address to be deleted.

Description

This command rt6add will delete an IPv6 route table entry.

is a global unicast IPv6 address.

is the scope ID (1, 2, etc) of the IF of the address.

is the prefix length of the address.

Location

This command is provided by the IPv6 module when IP_V6 is defined.

10.3 ipv6 rt6list

Command Name

rt6list - List current IPv6 routes table

Syntax

rt6list

Parameters

none

Description

This command rt6list will list current IPv6 routes table.

Location

This command is provided by the IPv6 module when IP_V6 is defined.

10.4 ipv6 rt6man

Command Name

rt6man - Manage IPv6 router

Syntax

rt6man [-d ] [-f] [-g] [-r ] [-s ] [-m number] [-n number] [-l number] [-t number] [-e number] [-c number] [- p ( L | M | H ) ] [-v number]

Parameters

-c Argument of type UINT, setting the AdvCurHopLimit

-d Presence puts in all defaults, before any other args

-e Argument of type UINT, setting the AdvRetransTimer

-f Presence turns on forwarding

-g Presence turns off forwarding

-l Argument of type UINT, setting the AdvLinkMTU

-m Argument of type UINT, setting the MaxRtrAdvInterval

-n Argument of type UINT, setting the MinRtrAdvInterval

-p Argument of type STRING, sets router preferences (RFC4191) ( L | M | H ) (low OR medium OR high)

-r Presence turns on sending of Router Advertisements

-s Presence turns off sending of Router Advertisements

-t Argument of type UINT, setting the AdvReachableTime

-v Argument of type UINT, setting the AdvDefaultLifetime

Description

This command rt6man sets the basic behavior of the IPv6 static router. Each of the variables MaxRtrAdvInterval, MinRtrAdvInterval, AdvLinkMTU, AdvReachableTime, AdvRetransTimer, AdvCurHopLimit, AdvDefaultLifetime; are explained in detail in RFC4861.

Location

This command is provided by the IPv6 module when IP_V6 is defined.

10.5 ipv6 rt6prfx

Command Name

rt6prfx - Set router prefixes

Syntax

rt6prfx -a %/ -p -i -l [-o]

Parameters

-a Argument of type IPv6 address. Adds a prefix to be advertised.

-p Argument of type UINT. The Path MTU (PMTU) for this link to be sent in the router's advertisements.

-i Argument of type UINT. Valid lifetime in seconds for the prefix

-l Argument of type UINT. Preferred Lifetime in seconds for

-o Presence of this sets the prefix as "off-link", on-link flag is reset. The default is "on-link"

Description

This command rt6prfx sets address, PMTU, and lifetimes of a prefix; these are explained in detail in RFC4861.

is a global unicast IPv6 address.

is the scope ID (1, 2, etc) of the IF of the address.

is the prefix length of the address.

Notes/Status

The value for the -l option must be less than or equal to the value for the -r option. Durations greater than INFINITE_DELAY (0x7FFFFFFF) will be set to INFINITE_DELAY.

Location

This command is provided by the IPv6 module when IP_V6 and IP6_MENUS are defined.

11 Multicast

igmp add - join an IP multicast group igmp cfg - configure IGMPv3 protocol parameters igmp drop - unsubscribe from an IP multicast group igmp mode - specify IGMP version igmp netstat - display IGMP statistics and status igmp sock - create, delete, or display multicast information for a UDP/IPv4 socket mld - Configure the Multicast Listener Discovery protocol (MLD (RFC 2710) and MLDv2 (RFC 3810))

11.1 igmp add

Command Name

igmp add - join an IP multicast group

Syntax

igmp add -g -i -s [-x] [- y] [-m] [-a] [-o ]

Parameters

-a Indicates that the addresses specified are allowed (when present), or blocked (when absent).

-g Multicast group address.

-i Interface identifier.

-m Use MCAST_xxx set of socket options for multicast membership changes.

-o List of allowed or blocked source IPv4 addresses.

-s Socket identifier.

-x use setipv4sourcefilter() API to configure multicast membership information.

-y use setsourcefilter() API to configure multicast membership information.

Description

This command is used to join a IPv4 multicast group on an interface via a (previously created) UDP /IPv4 socket. The source filtering features are only available if IGMPv3 is enabled in the system.

Notes/Status

The multicast group address must be specified in dotted-decimal notation. The interface can be specified either via its name or its (one-based) index. The IGMP protocol that will operate on the link must be configured via the "igmp mode" CLI command. The socket identifier is obtained from the output of a "igmp sock -c" CLI command. The use of the -m, -x, and -y options is optional. In the absence of these options, the membership will be updated via the IP_xxx series of socket options. Only one of the -m, -x, and - y options can be used in one invocation of this command. Example invocation sequences: 1. use IP_ADD_MEMBERSHIP to join 224.0.0.77 on interface 1 via socket 0xba02d4

igmp add -g 224.0.0.77 -i 1 -s 0xba02d4

2. use IP_ADD_SOURCE_MEMBERSHIP to join 224.0.0.77 on interface 1 via socket 0xba02d4, and accept packets from 10.0.0.77

igmp add -g 224.0.0.77 -i 1 -s 0xba044c -a -o 10.0.0.77

3. use MCAST_JOIN_GROUP to join 224.0.0.77 on interface 1 via socket 0xba044c

igmp add -g 224.0.0.77 -i 1 -s 0xba044c -m

4. use MCAST_JOIN_SOURCE_GROUP to start accepting packets from 10.0.0.77 and destined to 224.0.0.77 on interface 1

igmp add -g 224.0.0.77 -i 1 -s 0xba02d4 -a -o 10.0.0.77 -m

5. use MCAST_BLOCK_SOURCE to block reception of packets from 10.0.0.77 and destined to 224.0.0.77 on interface 1 (after joining the group in EXCLUDE(none) mode earlier (e.g., via MCAST_JOIN_GROUP))

igmp add -g 224.0.0.77 -i 1 -s 0xba02d4 -o 10.0.0.77 -m

6. use setipv4sourcefilter() to join 224.0.0.77 on interface 1, and accept packets from two sources (10.0.0.77 and 10.0.0.88)

igmp add -g 224.0.0.77 -i 1 -s 0xba02d4 -a -o "10.0.0.77 10.0.0.88" -x

7. use setsourcefilter() to join 224.0.0.77 on interface 1, and accept packets from two sources (10.0.0.77 and 10.0.0.88)

igmp add -g 224.0.0.77 -i 1 -s 0xba02d4 -a -o "10.0.0.77 10.0.0.88" -y

Location

This command is provided by the IGMP module when IP_MULTICAST and at least one of USE_IGMPV1 , USE_IGMPV2, or USE_IGMPV3 is defined.

11.2 igmp cfg

Command Name

igmp cfg - configure IGMPv3 protocol parameters

Syntax

igmp cfg -i {-r <#transmissions> | -u <#seconds>}

Parameters

-r configure Robustness Variable.

-u configure Unsolicited Report Interval.

Description

This command is used to configure parameters for the IGMPv3 protocol.

Notes/Status

The existing implementation does not support the configuration of Robustness Variable and Unsolicited Report Interval for IGMPv2.

Location

This command is provided by the IGMP module when IP_MULTICAST and USE_IGMPV3 are defined.

11.3 igmp drop

Command Name

igmp drop - unsubscribe from an IP multicast group

Syntax

igmp add -g -i -s [-m] [- a] [-o ]

Parameters

-a Indicates that the addresses specified are allowed (when present), or blocked (when absent).

-g Multicast group address.

-i Interface identifier.

-m Use MCAST_xxx set of socket options for multicast membership changes.

-o List of allowed or blocked source IPv4 addresses.

-s Socket identifier.

Description

This command is used to drop out of a IPv4 multicast group on an interface via a UDP/IPv4 socket. The source filtering features are only available if IGMPv3 is enabled in the system.

Notes/Status

The multicast group address must be specified in dotted-decimal notation. The interface can be specified either via its name or its (one-based) index. The socket identifier is obtained from the output of a "igmp sock -c" CLI command. In the absence of the -m option, the membership will be updated via the IP_xxx series of socket options. Example invocation sequences: 1. use IP_DROP_MEMBERSHIP to stop receiving packets destined to 224.0.0.77 on interface 1 via socket 0xba02d4

igmp drop -g 224.0.0.77 -i 1 -s 0xba02d4

2. use IP_DROP_SOURCE_MEMBERSHIP to stop receiving packets from 10.0.0.77 and destined to 224.0.0.77 on interface 1 via socket 0xba02d4

igmp drop -g 224.0.0.77 -i 1 -s 0xba02d4 -a -o 10.0.0.77

3. use MCAST_LEAVE_GROUP to stop receiving packets destined to 224.0.0.77 on interface 1 via socket 0xba044c

igmp drop -g 224.0.0.77 -i 1 -s 0xba044c -m

4. use MCAST_LEAVE_SOURCE_GROUP to stop accepting packets from 10.0.0.77 and destined to 224.0.0.77 on interface 1

igmp drop -g 224.0.0.77 -i 1 -s 0xba02d4 -a -o 10.0.0.77 -m

5. use MCAST_UNBLOCK_SOURCE to unblock reception of packets from 10.0.0.77 and destined to 224.0.0.77 on interface 1

igmp drop -g 224.0.0.77 -i 1 -s 0xba02d4 -o 10.0.0.77 -m

Location

This command is provided by the IGMP module when IP_MULTICAST and at least one of USE_IGMPV1 , USE_IGMPV2, or USE_IGMPV3 is defined.

11.4 igmp mode

Command Name

igmp mode - specify IGMP version

Syntax

igmp mode {-i -v <1 | 2 | 3>}

Parameters

-i Specify interface whose IGMP administrative mode (version) is being set.

-v Specify IGMP version to run.

Description

This command sets the IGMP administrative mode (version) of a particular interface.

Notes/Status

The interface can be specified either via its name or its (one-based) index. The operational mode of an interface may be lower than its administratively-specified mode.

Location

This command is provided by the IGMP module when IP_MULTICAST and at least one of USE_IGMPV1 , USE_IGMPV2, or USE_IGMPV3 is defined.

11.5 igmp netstat

Command Name

igmp netstat - display IGMP statistics and status

Syntax

igmp netstat

Parameters

None

Description

This command displays statistics associated with the IGMP module.

Notes/Status

The statistics are not collected on a per-interface basis.

Location

This command is provided by the IGMP module when IP_MULTICAST and at least one of USE_IGMPV1 , USE_IGMPV2, or USE_IGMPV3 is defined.

11.6 igmp sock

Command Name

igmp sock - create, delete, or display multicast information for a UDP/IPv4 socket

Syntax

igmp sock {-c | {{-d | -p} -s } | {{-x | -y} -g - i -s }}

Parameters

-c create a UDP/IPv4 socket.

-d delete a socket.

-p print multicast-related information for socket.

-x use getipv4sourcefilter() API to print multicast membership information.

-y use getsourcefilter() API to print multicast membership information.

Description

This command is used to create a UDP/IPv4 socket (for use in subsequent multicast operations), delete a socket, or display multicast-related information for a socket.

Notes/Status

When used with the -c option, this commands prints out an identifier for the newly created socket. This identifier is used in subsequent "igmp add" and "igmp drop" CLI commands. Example invocation sequences: 1. create UDP/IPv4 socket

igmp sock -c

2. delete UDP/IPv4 socket 0xba02d4

igmp sock -d -s 0xba02d4

3. print membership information for socket 0xba02d4

igmp sock -p -s 0xba02d4

4. print membership information (via getipv4sourcefilter()) for 224.0.0.77 on interface 1 for socket 0xba02d4

igmp sock -p -g 224.0.0.77 -i 1 -s 0xba02d4 -x

5. print membership information (via getsourcefilter()) for 224.0.0.77 on interface 1 for socket 0xba02d4

igmp sock -p -g 224.0.0.77 -i 1 -s 0xba02d4 -y

Location

This command is provided by the IGMP module when IP_MULTICAST and at least one of USE_IGMPV1 , USE_IGMPV2, or USE_IGMPV3 is defined.

11.7 mld

Command Name

mld - Configure the Multicast Listener Discovery protocol (MLD (RFC 2710) and MLDv2 (RFC 3810))

Syntax

mld {-c} {-d -s } {-e -i {{-r <# of transmissions>} | {-t 0 | 1} | {-u } | {-v }}}

{-j -g -s {[-m [[-a] -o ]] | [-y [[-a] -o ]]}}

{-l -g -s [-m [[-a] -o ]]}

{-p -s [-y -g ]} {-z}

Parameters

-a Indicates that the addresses specified are allowed when present, or blocked when absent (for MLDv2 only).

-c Create a UDP/IPv6 socket for use in subsequent multicast test operations.

-d Delete a UDP/IPv6 socket.

-e Configure MLD version or parameter for the specified interface.

-g Specify the multicast group address and interface identifier.

-i Interface identifier.

-j Add membership in specified multicast group on interface to socket.

-l Delete membership in specified multicast group on interface from socket.

-m Add or drop multicast membership via the MCAST_xxx set of socket options when present, or via IPV6_xxx options or setsourcefilter() when absent.

-o List of allowed or blocked source IPv4 addresses (for MLDv2 only).

-p Print multicast information for socket.

-r Robustness Variable (for MLDv2 only).

-s Socket identifier.

-t Enable (1) or disable (0) the optimization related to the transmission of the Multicast Listener Done message.

-u Configure Unsolicited Report Interval (in units of seconds).

-v MLD version number (1 for MLD, 2 for MLDv2).

-y use getsourcefilter() to obtain multicast membership information, or use setsourcefilter() to update membership information (for MLDv2 only).

-z Display MLD statistics.

Description

This command can be used to (1) configure the MLD protocol, (2) display status and statistics information for the protocol, and (3) perform test operations (e.g., add group or leave group) to initiate MLD signaling (e.g., send Multicast Listener Report or Multicast Listener Done message).

Notes/Status

Example invocation sequences: 1. configure MLD version number on interface 'nd0' to MLDv2

mld -e -i nd0 -v 2

2. create UDP/IPv6 socket

mld -c

3. delete UDP/IPv6 socket

mld -d -s 0xba144c

4. use IPV6_JOIN_GROUP to join ff02::7777 on interface 1 via socket 0xba144c

mld -j -g ff02::7777%1 -s 0xba144c

5. use IPV6_LEAVE_GROUP to leave ff02::7777 on interface 1 from socket 0xba144c

mld -l -g ff02::7777%1 -s 0xba144c

6. use setsourcefilter() to join ff02::7777 on interface 1 via socket 0xba144c

mld -j -g ff02::7777%1 -s 0xba144c -y

7. use setsourcefilter() to join ff02::7777 on interface 1, and accept packets from two sources (fe80::240:f4ff:feed:8b77 and fe80::211:2fff:fe1a:5518)

mld -j -g ff02::7777%1 -s 0xba144c -a -o "fe80::240:f4ff:feed:8b77 fe80::211:2fff:fe1a:5518" -y

8. use MCAST_JOIN_GROUP to join ff02::7777 on interface 1 via socket 0xba144c

mld -j -g ff02::7777%1 -s 0xba144c -m

9. use MCAST_LEAVE_GROUP to leave ff02::7777 on interface 1 via socket 0xba144c

mld -l -g ff02::7777%1 -s 0xba144c -m

10. use MCAST_JOIN_SOURCE_GROUP to start accepting packets from fe80::240:f4ff:feed: 8b77 and destined to ff02::7777 on interface 1

mld -j -g ff02::7777%1 -s 0xba144c -a -o fe80::240:f4ff:feed:8b77 -m

11. use MCAST_LEAVE_SOURCE_GROUP to stop accepting packets from fe80::240:f4ff: feed:8b77 and destined to ff02::7777 on interface 1

mld -l -g ff02::7777%1 -s 0xba144c -a -o fe80::240:f4ff:feed:8b77 -m

12. join ff02::7777 in EXCLUDE(none) mode via IPV6_JOIN_GROUP

mld -j -g ff02::7777%1 -s 0xba144c

or, use MCAST_JOIN_GROUP to join ff02::7777 in EXCLUDE(none) mode

mld -j -g ff02::7777%1 -s 0xba144c -m

having joined by either of the preceding methods, use MCAST_BLOCK_SOURCE to block reception of packets from fe80::240:f4ff:feed:8b77 and destined to ff02::7777 on interface 1

mld -j -g ff02::7777%1 -s 0xba144c -o fe80::240:f4ff:feed:8b77 -m

use MCAST_UNBLOCK_SOURCE to unblock reception of packets from fe80::240:f4ff: feed:8b77 and destined to ff02::7777 on interface 1

mld -l -g ff02::7777%1 -s 0xba144c -o fe80::240:f4ff:feed:8b77 -m

13. print membership information for ff02::7777 on interface 1 for socket 0xba144c

mld -p -g ff02::7777%1 -s 0xba144c -y

14. print membership information for socket 0xba144c

mld -p -s 0xba144c

Location

This command is provided by the IPv6 module when IP_V6, IP_MULTICAST, and USE_MLD are defined. Some options are specific to MLDv2, and require USE_MLDV2 to be defined. (MLDv2 requires MLD to be enabled for correct operation.)

12 NAT

nat natset - configure NAT module nat natxip - expunge IPv4 address from NAT tables nat netstat - display NAT statistics and status

12.1 nat natset

Command Name

nat natset - configure NAT module

Syntax

natset {-a -b -c } -e <0 | 1> - f -i -l -m {- o -p -q -r -s } -t -u -w

Parameters

-a Create alias list entry.

-b Inside IPv4 address for alias list entry.

-c Outside IPv4 address for alias list entry.

-e Enable (or disable) NAT.

-f Set local IPsec host's IPv4 address.

-i Set inet network number.

-l Set local network number.

-m Set TCP MSS (bytes).

-o Create proxy server list entry.

-p Protocol (TCP or UDP) for proxy server list entry.

-q Inside port number for proxy server list entry.

-r Inside IPv4 address for proxy server list entry.

-s Outside port number for proxy server list entry.

-t Set TCP timeout (seconds).

-u Set UDP timeout (seconds).

-w Set TCP window size (bytes).

Description

This command sets various configuration parameters for the NAT module.

Location

This command is provided by the NAT module when NATRT is defined.

12.2 nat natxip

Command

nat natxip - expunge IPv4 address from NAT tables

Syntax

natxip -a

Parameters

-a IPv4 address to be expunged.

Description

This command deletes entries that correspond to this IPv4 address from the various NAT tables.

Location

This command is provided by the NAT module when NATRT is defined.

12.3 nat netstat

Command Name

nat netstat - display NAT statistics and status

Syntax

netstat -a -c {-d -e } -f {-g -i } -l -p -s

Parameters

-a Display all information.

-c Display NAT connection table.

-d Display NAT connection entry.

-e Outside port number (for NAT connection entry).

-f Display NAT fragmentation queue.

-g Display NAT fragmentation entry.

-i Index of NAT fragmentation entry.

-l Display NAT alias list.

-p Display NAT proxy server list.

-s Display NAT statistics.

Description

This command displays statistics for the NAT module.

Location

This command is provided by the NAT module when NATRT is defined.

13 PPP

modem config - Configure global Modem parameters modem dialer - Initiate (dial) or hangup a Modem session modem netstat - Display MODEM status and statistics ppp config - Configure or display PPP global parameters ppp netstat - Display PPP status and statistics ppp pdebug - Configure PPP debug options ppp plink - Control a PPP interface ppp plnkcfg - Configure PPP per-interface parameters

13.1 modem config

Command Name

modem config - Configure global Modem parameters

Syntax

modem config [-a ] [-d ] [-t ]

Parameters

-a string: Initialization "AT" command

-d Dialer string: Phone number plus other characters if required

-t Line idle timeout in seconds

Description

This command configures global parameters for the Modem module

Location

This command is provided by the Modem module when USE_MODEM is defined.

13.2 modem dialer

Command Name

modem dialer - Initiate (dial) or hangup a Modem session

Syntax

modem dialer -n [-d] [-h]

Parameters

-n string: interface name in the form shown by the iface command (e.g., "pp0")

-d Dial/Initiate a modem connection

-h Hang up/close a modem connection

Description

This command controls a modem interface

Notes/Status

Option '-n' is required. Only a single interface name can be entered.

Location

This command is provided by the Modem module when USE_MODEM is defined

13.3 modem netstat

Command Name

modem netstat - Display MODEM status and statistics.

Syntax

modem netstat

Parameters

None

Description

This command displays the status and configuration of each modem in the system.

Notes/Status

Location

This command is provided by the Modem module when USE_MODEM is defined.

13.4 ppp config

Command Name

ppp config - Configure or display PPP global parameters.

Syntax

ppp config [-a ] [-e ] [-t ] [-z ] [-c ] [-m ] [-p ] [-s ]

[-d ] [-x ] [-y ]

Parameters

-c string: Require CHAP, "req" or "pref" or "no"

-m string: Set preferred CHAP type, "md5" or "mschap"

-p string: Require PAP, "req" or "pref" or "no"

-s string: Secret for CHAP authentication

-a string: Access Concentrator name tag

-e Interval in seconds between echo requests. 0 = No echo requests

-t Line timeout in seconds. 0 = No timeout.

-z string: Server service name tag

-d string: DNS server addresses, "req" (request) or "prov" (provide) or "no"

-x IPv4 address to provide to peers as their primary DNS server

-y IPv4 address to provide to peers as their secondary DNS server

Description

This command configures PPP global parameters. The options 'c', 'm' 'p' and 's' are related to CHAP and PAP. Options 'a', 'e', 't' and 'z' are specific to PPPoE. Command options 'd', 'x' and 'y' pertain to setting PPP DNS server information.

Notes/Status

ppp config without any options displays the current state of the dynamically configurable PPP global variables. Options '-c' and '-s' are only available if CHAP_SUPPORT is defined. Option '-p' is only available if PAP_SUPPORT is defined. Option '-m' is only available if both CHAP_SUPPORT and MSCHAP_SUPPORT are defined. The value set will be requested, but negotiation may result in the other type being used. For Options '-c' and '-p', "req" means that negotiations will fail if the peer does not agree to the required protocol. "pref" means, if the local system is the client, it will request this authorization protocol. If the local system is the server, it will NAK the first request for a different authorization protocol. However, if the peer persists, it will accept the alternate protocol if available. "No" means not required. The local system will freely negotiate any of the available options. Options '-a', '-e', '-t', and '-z' are only available if USE_PPPOE is defined. Option '-t', the idle timeout, must be larger than option '-e', the echo request interval. Option '-d', '-x', and '-y' are only available if PPP_DNS is defined. If option '-d' is set to "req", the local system will request DNS server addresses from the peer. The current values (may be zero) in the dns_servers[] array will be provided in the request. The peer may accept these or provide new DNS server addresses. New addresses will be added to the end of the array, if there is room. Otherwise, they will be ignored. Note: If there are no addresses in the local dns_servers[] array and local system requests DNS server address and the peer does not provide at least one, then IPCP negotiations will fail. If option '-d' is set to "prov", the local system will provide DNS server addresses to any peer that requests them. The parmary and secondary DNS server addresses that will be provided can be set either in ppp_port.h or by the '-x' and '-y' options to this command. At least one address must be non-zero. A zero address will not be provided to the peer If option '-d' is set to "no", PPP will no longer request or provide DNS server addresses For options '-x', '-y', if the addresses already exist, they will be replaced with the new values. Note: these values have no effect on the values in the local dns_servers[] array.

Location

This command is provided by the ppp module when USE_PPP is defined.

13.5 ppp netstat

Command Name

ppp netstat - Display PPP status and statistics.

Syntax

ppp netstat [-l] [-n < iface name>] [-p] [-s]

Parameters

-l (default) Displays a brief summary of the status of all of the PPP links in the system.

-n string: "ALL" or interface name in the form shown by the iface command (e.g., "pp0").

-p Displays a summary of PPPOE links.

-s Displays PPPOE sessions.

Description

When used without options or with the -l option, this command displays a brief summary of the status of all of the PPP links in the system. There is one line of output per link.

Sample output:

index link_addr iface flags type LCP IPCP 0 00BC8328 pp0 80 ATMODEM INITIAL INITIAL

When used with -n, it displays extensive information about the specified link(s)

When used with -p, it displays configuration information about all pppoe links, 2 lines of output per link.

When used with -s, it displays a summary of the status of all active pppoe sessions, 3 lines of output per session.

Sample output:

state: retrys: ID: iface: Service: AC: pkts; in: out: last-ctrl: last-rxdata:

Notes/Status

The -p and -s options are only available when USE_PPPOE is defined

Location

This command is provided by the PPP module when USE_PPP is defined

13.6 ppp pdebug

Command Name

ppp pdebug - Configure PPP debug options

Syntax

pdebug [-d ] [-f ] [-h ] [-l ]

Parameters

"pdebug" without parameters displays the current state of debug options

-d string: Turn on debugging, "on" or "off"

-f string: Send debug messages to PPPLOGFILE, "on" or "off"

-h string: Hexdump PPP packet data, "on" or "off"

-l integer specifying the maximum length of the hexdump for a message.

Description

This command configures PPP debug options

Notes/Status

If -f is set, data will be written only to PPPLOGFILE. One of the options -d or -f must be set in order to turn on hexdump. Option -f is only available when PPP_LOGFILE is defined. Options -h and -l are only available when PPP_HEXDUMP is defined.

Location

This command is provided by the ppp module when USE_PPP is defined.

13.7 ppp plink

Command Name

ppp plink - Control a PPP interface

Syntax

ppp plink -n -d | -u

Parameters

-n string: interface name in the form shown by the iface command (e.g., "pp0")

-d Take the specified interface down

-u Bring the specified interface up

Description

This command controls a PPP interface

Notes/Status

Option '-n' is required. Only a single interface name can be entered.

Location

This command is provided by the ppp module when USE_PPP is defined.

13.8 ppp plnkcfg

Name

ppp plnkcfg - Configure PPP per-interface parameters

Syntax

ppp plnkcfg -n [-a ] [-c ] [-d ] [-i ] [-j ] [-m ] [-p ] [-r ] [-u ] [-v ]

Parameters

- string: "ALL" or interface name in the form shown by the iface command (e.g., "pp0"). The n options below will apply to this interface or all PPP interfaces

- string: Allow peer to set our local address, "yes" or "no" a

- string: Can negotiate local link's IPV6IFID, "yes" or "no" c

- string: Use DHCP, "yes" or "no" d

- string in the form XXXX:XXXX:XXXX:XXXX that specifies an IP_V6 IFID to use, where each 'X' i represents a hexidecimal digit. This IFID will be used for the link specified by the -n option

- string: Use VJ Compression, "yes" or "no" j

- integer specifying the maximum transmission unit m

- string specifying the password to be sent for authentication p

- integer specifying the maximum receive unit r

- string specifying a username to be sent for authentication u

- string "ip4" or "ip6". The local interface will request this version with its initial configuration v request

Description

This command configures PPP per-interface parameters

Notes/Status

Option '-n' is required. Only "all" or a single interface name can be entered. The "all" string only applies to PPP interfaces. If "all" is specified, then the options specified will apply to each existing PPP interface and to those created dynamically at a later time. If option '-a' is set to "yes", the IP-address option will be set in the IPCP configuration request. The current address, which may be zero, for that PPP interface will be included in the option. If the peer NAKs the value we sent and sends a different address, we will accept and use it Options '-c' and '-i' are only available if IP_V6 is defined. Note: "all" cannot be used with the '-i' option. Option '-d' is only available if PPP_DHCP_CLIENT is defined. Option '-j' is only available if PPP_VJC is defined. Option '-v' is only available if both IP_V4 and IP_V6 are defined. By default, IPv4 will be used unless the remote system specifies IPv6. The version specified by this option will be requested in the initial configuration request; however, IP4 may still be selected as a result of negotiations with the peer.

Location

This command is provided by the ppp module when USE_PPP is defined.

14 RIP

rip config - Configure RIP global variables rip netstat - Displays RIP statistics ripauth - Add/remove/display entries in the RIP authorization table riprefuse - Add/remove/display entries in the RIP refuse table riproute - add/remove/display routes

14.1 rip config

Command Name

rip config - Configure RIP global variables

Syntax

rip config -b -d -t -z

Parameters

-b Broadcast interval in seconds

-d Deletion interval in seconds

-t time to live in seconds

-z trigger interval in seconds

Description

This command configures RIP global variables

Notes/Status

The defaults for these variables were all set according to the recommendations of the RIP specification.

Location

This command is provided by the RIP module when RIP SUPPORT is defined.

14.2 rip netstat

Command Name

rip netstat - Displays RIP statistics

Syntax

rip netstat

Parameters

None Command takes no parameters

Description

This command is used to display statistics for RIP.

Location

This command is provided by the RIP module when RIP_SUPPORT is defined.

14.3 rip ripauth

Command Name

ripauth - Add/remove/display entries in the RIP authorization table

Syntax

ripauth [{-a | -r} -i -p ]

Parameters

ripauth without parameters will display the current RIP authorization table

-a Add an entry to the RIP authorization table

-r Remove an entry from the RIP authorization table

-i Interface

-p Password

Description

This command is used to add, remove, or display entries in the RIP authorization table

Notes/Status

The authorization table only exists when RIP_AUTHENTICATION is defined. If parameters are entered, then either '-a' or '-r' is required, and '-i' and '-p' are both required.

Location

This command is provided by the RIP module when RIP_SUPPORT and RIP_AUTHENTICATION are defined.

14.4 rip riprefuse

Command Name

riprefuse - Add/remove/display entries in the RIP refuse table

Syntax

riprefuse [{-a | -r} -i ]

Parameters

riprefuse without parameters will display the current RIP refuse table

-a Add an entry to the RIP refuse table

-r Remove an entry from the RIP refuse table

-i IP address

Description

This command is used to add, remove, or display entries in the RIP refuse table

Notes/Status

The refuse table only exists when RIP_REFUSE_LOOKUP is defined. If parameters are entered, then either '-a' or '-r' is required and '-i' is required.

Location

This command is provided by the RIP module when RIP_SUPPORT and RIP_REFUSE_LOOKUP are defined.

14.5 rip riproute

Command Name

riproute - add/remove/display routes

Syntax

riproute [{-a | -r} -d -i -s [-g ] [-m ] [-t ] [-f [PRIVATE | TRIGGER] [-p ] ]

Parameters

riproute without parameters displays the RIP routing table

-a Add entry to RIP routing table

-r Remove entry from RIP routing table

-d Destination IP address

-i Interface

-s Subnet mask

-g Gateway IP addr

-m Metric

-t Time to live (TTL)

-f Flag

-p Proxy IP address

Description

This command is used to set up entries in the routing table in order to be used by RIP.

RIP is a protocol that exchanges routing information between routers.

Notes/Status

If IP_ROUTING is defined, the routing table will automatically be filled with all basic basic routing entries: an entry for each routable interface on the local system plus those learned from connected routers. RFC 1723 describes special cases where you may wish to add additional routes to these automatically generated routes. This command currently only supports IPv4 routes. If parameters are entered, then either '-a' or '-r' is required, and '-d', '-i', and '-s' are all required. Unless subnetting should be used for this entry, the value of the subnet mask must identify the full network portion of the address. For the -f operand, PRIVATE protects the entry from deletion. For the -f operand, TRIGGER is the default. It means that an RIP response message will be sent immediately, whenever there is a change in the metric for any entry in the routing table. For the -m operand, the metric is the "cost" (typically number of hops) to get to the given node. Note: RIP will substitute "16" (infinity) for this metric in messages sent on networks for which the entry should not be used (split horizon principle). The interface identifier is one-based (and not zero-based). After TTL seconds, an entry that has not been renewed will be marked as unusable (metric = 16). Then following the "rip_def_deletion_interval", the entry will be removed.

Location

This command is provided by the RIP module when RIP_SUPPORT is defined.

15 SNMPv1/v2c

snmp community - manage the SNMP community table snmp config - configure SNMP agent snmp mib - display SNMP MIB counters snmp netstat - display SNMP agent information snmp target - configure SNMP trap target snmp trap - send SNMP trap(s)

15.1 snmp community

Command Name

snmp community - manage the SNMP community table

Syntax

community -i INT -c STRING -a STRING

community -c STRING -a STRING -n STRING -e STRING [-k STRING -v STRING -t INT -s INT]

community -d INT

Parameters

-i Argument of type INT, specifying the SNMPv1/SNMPv2c community table index.

-c Argument of type STRING, specifying the community string.

-a Argument of type STRING, specifying the access permissions.

-n Argument of type STRING, specifying the Security Name associated with the SNMPv3 table entry.

-e Argument of type STRING, specifying the Engine ID associated with the SNMPv3 table entry.

-k Argument of type STRING, specifying the Context Name associated with the SNMPv3 table entry.

-v Argument of type STRING, specifying the Tag value associated with the SNMPv3 table entry.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 table entry to delete.

Description

This command manages the table entries for the SNMPv1/SNMPv2c or SNMPv3 community table. The '-i' parameter selects the SNMPv1/SNMPv2c community table. If '-i' is absent, the SNMPv3 community table is assumed. Table indexes begin at 1. Possible values for the access strings are: RONLY, RWRITE, NOACCESS, READCREATE, WRITEONLY, and NOTIFY.

If the command is successful, the updated table is displayed.

Notes/Status

NOTIFY is equivalent to ACCESSIBLE_FOR_NOTIFY. If the community string is too long, it is truncated. The '-k' parameter defaults to the default context name. The '-t' parameter defaults to 4 = permanent. The '-s' parameter defaults to 1 = active.

Location

This command is provided by the SNMP module when INCLUDE_SNMP is defined.

15.2 snmp config

Command Name

snmp config - configure SNMP agent

Syntax

config [-a] [-c STRING] [-d STRING] [-k STRING] [-n STRING] [-l STRING] [-b INT]

Parameters

-a (no parameter), toggle the SNMP Agent ON/OFF.

-c Argument of type STRING, specifying the default community string.

-d Argument of type STRING, stored in the sysDescr field of the RFC1213-MIB system definition.

-k Argument of type STRING, stored in the sysContact field of the RFC1213-MIB system definition.

-n Argument of type STRING, stored in the sysName field of the RFC1213-MIB system definition.

-l Argument of type STRING, stored in the sysLocation field of the RFC1213-MIB system definition.

-b Argument of type INT, specifying the SNMPv3 engine boot count.

Description

This command is used to set various fields in the RFC1213-MIB structure.

If the command is successful, the updated values are displayed.

Notes/Status

The current SNMP configuration is displayed after any fields have been updated. String values which are too long will be truncated. A warning is displayed if the new engine boot count is less than the current value. The sysDescr.0 MIB variable cannot be updated via SNMP (because it is categorised as read- only).

Location

This command is provided by the SNMP module when ENABLE_SNMP is defined.

15.3 snmp mib

Command Name

snmp mib - display SNMP MIB counters

Syntax

mib

Description

This command displays SNMP MIB counters.

Location

This command is provided by the SNMP module when INCLUDE_SNMP and MIB_COUNTERS is defined.

15.4 snmp netstat

Command Name

snmp netstat - display SNMP agent information

Syntax

netstat

Description

Displays information related to the SNMP Agent.

Notes/Status

SNMPv3 Agent information is displayed when INCLUDE_SNMPV3 is defined.

Location

This command is provided by the SNMP module when INCLUDE_SNMP is defined.

15.5 snmp target

Command Name

snmp target - configure SNMP trap target

Syntax

target -i INT [-a IPADDR] [-c STRING] [-d]

Parameters

-i Argument of type INT, indicating the trap target entry to modify.

-a Argument of type IPADDR, indicating the IPv4 or IPv6 address of the trap target.

-c Argument of type STRING, indicating the community string associated with the trap target.

-d (no parameter), delete the selected trap target.

Description

This command configures a trap target entry. An entry in the trap target table contains a destination IPv4 address and a community string. When a trap message is sent, it is sent to each entry in the trap table.

Notes/Status

Trap target indexes range from 1 to MAX_TRAP_TARGETS. If the community string is too long, it will be truncated. The '-d' parameter takes precedence over all other parameters. If no parameters are specified, the current trap target table is displayed.

Location

This command is provided by the SNMP module when ENABLE_SNMP_TRAPS is defined.

15.6 snmp trap

Command Name

snmp trap - send SNMP trap(s)

Syntax

trap -v {1,2} (-a | -t INT)

trap -v 3 (-a | -k STRING) -c STRING -k STRING

Parameters

-v Argument of type INT, indicating the SNMP version, range is 1..3.

-t Argument of type INT, indicating the type of trap message to send, range is 0..6.

-a (no parameter), send a trap message for each trap type.

-k Argument of type STRING, indicating the tag value of the corresponding target table entries.

-c Argument of type STRING, specifying the context name.

Description

Sends a SNMP TRAP message to each trap target. The trap message is formatted using the specified trap type and SNMP protocol version. If '-a' is specified, a trap message of each type is sent. An error is returned if the selected SNMP version is not supported.

Notes/Status

The '-v' parameter defaults to SNMPv1. If both '-t' and '-a' are specified, '-a' is assumed. If the trap type is 6 and SNMP_TEST_SP_TRAP is defined, a second "enterprise-specific" trap of type 6 is sent. The community string defaults to the global community string (see the snmp config command).

Location

This command is provided by the SNMP module when ENABLE_SNMP_TRAPS is defined.

16 SNMPv3

snmpv3 access - manage the SNMPv3 access table snmpv3 authoid - manage the SNMPv3 algorithm table snmpv3 context - manage the SNMPv3 context table snmpv3 group - manage the SNMPv3 group table snmpv3 mibview - manage the SNMPv3 mibview table snmpv3 notify - manage the SNMPv3 notify table snmpv3 tables - display all SNMPv3 tables snmpv3 taddr - manage the SNMPv3 target address table snmpv3 tparam - manage the SNMPv3 target parameters table snmpv3 username - manage the SNMPv3 user table snmpv3 v3test - test SNMPv3 security algorithm

16.1 snmpv3 access

Command Name

snmpv3 access - manage the SNMPv3 access table

Syntax

access -m INT -g STRING -l INT -c STRING [-x] -r STRING -w STRING -n STRING [-t INT -s INT]

access -d INT

Parameters

-m Argument of type INT, specifying the security model of the SNMPv3 access table entry.

-g Argument of type STRING, specifying the group name of the SNMPv3 access table entry.

-l Argument of type INT, specifying the security level of the SNMPv3 access table entry.

-c Argument of type STRING, specifying the context name associated with the SNMPv3 access table entry.

-x (no parameter), specifies that an exact match of the context name is required.

-r Argument of type STRING, specifying the read view name.

-w Argument of type STRING, specifying the write view name.

-n Argument of type STRING, specifying the notify view name.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 access table entry to delete.

Description

This command manages the SNMPv3 access table.

If the command is successful, the updated table is displayed.

This command is provided by the SNMP module when INCLUDE_SNMP and INCLUDE_SNMPV3 are defined.

16.2 snmpv3 authoid

Command Name

snmpv3 authoid - manage the SNMPv3 algorithm table

Syntax

authoid -n STRING -o STRING

authoid -d INT

Parameters

-n Argument of type STRING, specifying the name of authentication or encryption algorithm.

-o Argument of type STRING, specifying the OID of the authentication or encryption algorithm.

-d Argument of type INT, specifying the index of the entry to delete.

Description

This command manages the auth-oid table.

If the command is successful, the updated table is displayed.

Notes/Status

Table entry indexes start at 1. If the name string is too long, it is truncated. The '-d' parameter takes precedence over all other parameters.

Location

This command is provided by the SNMP module when ENABLE_SNMP_TRAPS is defined.

16.3 snmpv3 context

Command Name

snmpv3 context - manage the SNMPv3 context table

Syntax

context -n STRING

context -d INT

Parameters

-n Argument of type STRING, specifying the context name to add to the SNMPv3 context table.

-d Argument of type INT, specifying the index of the SNMPv3 context table entry to delete.

Description

This command manages the SNMPv3 context table entries.

If the command is successful, the updated table is displayed.

Notes/Status

If the context string is too long, it is truncated. The context indices are zero-based.

Location

This command is provided by the SNMP module when INCLUDE_SNMP is defined.

16.4 snmpv3 group

Command Name

snmpv3 group - manage the SNMPv3 group table

Syntax

group -g STRING -n STRING -m INT [-t INT] [-s INT]

group -d INT

Parameters

-g Argument of type STRING, specifying the group name.

-n Argument of type STRING, specifying the security name.

-m Argument of type INT, specifying the security model of the SNMPv3 group table entry.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 group table entry to delete.

Description

This command manages the group table, which maps group names to security models.

If the command is successful, the updated table is displayed.

Notes/Status

If the name string is too long, it is truncated. Table entry indexes start at 1. The '-t' parameter defaults to 4 = permanent. The '-s' parameter defaults to 1 = active. The '-d' parameter takes precedence over all other parameters.

Location

This command is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.5 snmpv3 mibview

Command Name

snmpv3 mibview - manage the SNMPv3 mibview table

Syntax

mibview -n STRING -o STRING -m STRING [-x] [-t INT] [-s INT]

mibview -d INT

Parameters

-n Argument of type STRING, specifying the name of the MIB view.

-o Argument of type STRING, specifying the OID associated with the MIB view.

-m Argument of type INT, specifying the OID mask.

-x (no parameter), exclude this MIB subtree from the MIB view.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 table entry to delete.

Description

This command manages the MIB view table.

If the command is successful, the updated table is displayed.

Notes/Status

Location

This command is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.6 snmpv3 notify

Command Name

snmpv3 notify - manage the SNMPv3 notify table

Syntax

notify -m INT -n STRING -v STRING [-t INT] [-s INT]

notify -d INT

Parameters

-m Argument of type INT, specifying the notify type.

-n Argument of type STRING, specifying the notify group name.

-o Argument of type STRING, specifying the notify tag.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 table entry to delete.

Description

This command manages the Notify table used in sending SNMPv3 notification messages.

If the command is successful, the updated table is displayed.

Notes/Status

Location

This command is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.7 snmpv3 tables

Command Name

snmpv3 tables - display all SNMPv3 tables

Syntax

tables

Description

Displays all of the SNMPv3 tables.

Location

This command is provided by the SNMP module when INCLUDE_SNMP and INCLUDE_SNMPV3 are defined.

16.8 snmpv3 taddr

Command Name

snmpv3 taddr - manage the SNMPv3 target address table

Syntax

taddr -n STRING -a IPADDR -v STRING -r INT -x INT -z STRING [-t INT] [-s INT]

taddr -d INT

Parameters

-n Argument of type STRING, specifying the entry name.

-a Argument of type IPADDR, specifying the destination IP address.

-v Argument of type STRING, specifying the trap tag value.

-r Argument of type INT, specifying the retry count.

-x Argument of type INT, specifying the timeout (seconds).

-z Argument of type STRING, specifying the trap parameter(s).

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, the index of the SNMPv3 table entry to delete.

Description

This command manages the Target Address table. If it is successful, the updated table is displayed.

Notes/Status

Location

This is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.9 snmpv3 tparam

Command Name

snmpv3 tparam - manage the SNMPv3 target parameters table

Syntax

tparam -m INT -n STRING -u INT -v STRING -l INT [-t INT] [-s INT]

tparam -d INT

Parameters

-m Argument of type INT, specifying the MPC model of the trap.

-n Argument of type STRING, specifying the name of this entry.

-u Argument of type INT, specifying the USEC model.

-v Argument of type STRING, specifying the Security model name.

-l Argument of type INT, specifying the Security level.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 table entry to delete.

Description

This command manages the Target Prameter table. If it is successful, the updated table is displayed.

Notes/Status

Location

This is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.10 snmpv3 username

Command Name

snmpv3 username - manage the SNMPv3 user table

Syntax

username -u STRING -v STRING -a STRING -b STRING -p STRING -q STRING [-t INT] [-s INT]

username -d INT

Parameters

-u Argument of type STRING, specifying the user name.

-v Argument of type STRING, specifying the Security name.

-a Argument of type STRING, specifying the Authentication entry in the Auth-OID table.

-b Argument of type STRING, specifying the Authentication password.

-p Argument of type STRING, specifying the Privacy entry in the Auth-OID table.

-q Argument of type STRING, specifying the Privacy password.

-t Argument of type INT, specifying the storage type of the SNMPv3 table entry.

-s Argument of type INT, specifying the row status of the SNMPv3 table entry.

-d Argument of type INT, specifying the index of the SNMPv3 table entry to delete .

Description

This command manages the User table.

If the command is successful, the updated table is displayed.

Notes/Status

Location

This command is provided by the SNMP module when ENABLE_SNMP and INCLUDE_SNMPV3 are defined.

16.11 snmpv3 v3test

Command Name

snmpv3 v3test - test SNMPv3 security algorithm

Syntax

v3test (-a | -m)

Parameters

-a (no parameter), perform all authentication tests.

-m (no parameter), perform MD5 authentication test.

Description

This command tests the security algorithms supported by the build.

Notes/Status

This commands only supports the MD5 authentication algorithm.

Location

This command is provided by the SNMP module when INCLUDE_SNMP and V3_USE_AUTH are defined.

17 SNTPv4

sntp netstat - display SNTPv4 client statistics and status sntp sntpcfg - configure SNTPv4 client sntp sntplog - display SNTPv4 client state transition log sntp sntpsync - synchronize with the time server sntp sntpterm - terminate synchronization with the time server sntp sntptime - display current time

17.1 sntp netstat

Command Name

sntp netstat - display SNTPv4 client statistics and status

Syntax

netstat

Parameters

None

Description

This command displays statistics associated with the SNTPv4 client module.

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

17.2 sntp sntpcfg

Command Name

sntp sntpcfg - configure SNTPv4 client

Syntax

sntpcfg -a -c -d -e -l -m -o -p -r -s -t -v -x

Parameters

-a Add new time server address (specified as IPv4 address or hostname).

-c Specify list of time servers from which an update will be accepted.

-d Delete time server address (specified as IPv4 address or hostname).

-e Specify value of the "bm_perp" parameter ("none", "once", or "perpetual") for time server.

-l Specify value of "def_delay" parameter (in microseconds) for time server.

-m Specify value of the "bm_active" parameter ("none", "active", or "passive") for time server.

-o Specify value of the "sord" parameter ("none", "dynamic", or "static") for time server.

-p Specify slot number in time server address table.

-r Specify retransmission timeout (in seconds).

-s Specify time server (as IPv4 address or hostname) for which parameters are being configured.

-t Specify value of TTL field in IPv4 header for outgoing multicast packets.

-v Specify passive timeout (in seconds).

-x Specify total number of transmissions of request packet.

Description

This command is used to configure the SNTPv4 client module.

Notes/Status

The -p option specifies the slot number for the time server being added via the -a option. Both of these options must be specified together. The -c, -l, -o, and -t options must be used to configure parameters for an existing time server specified via the -s option. The -c, -e, -l, -m, and -o options are only intended for use with broadcast- or multicast-based time servers.

The following sequence of CLI commands can be used to configure the SNTPv4 client to communicate with a unicast-based time server.

##add a new time server (129.6.15.28) at slot# zero in the server address table sntpcfg -a 129.6.15.28 -p 0

Alternatively, a server can be specified via its name.

sntpcfg -a time-a.nist.gov -p 0

The following sequence of CLI commands can be used to configure the SNTPv4 client to operate in passive perpetual mode, and to accept updates sent from 10.0.0.70 to the 224.0.1.1 multicast group address. The server is configured for a static delay of 10000 microseconds.

##add a new time server (224.0.1.1) at slot# zero in the server address table sntpcfg -a 224.0.1.1 -p 0

##configure client to use a static one-way delay of 10000 microseconds sntpcfg -s 224.0.1.1 -o static -l 10000

##configure client to operate in passive perpetual mode sntpcfg -m passive -e perpetual

##configure client to only accept updates sent from 10.0.0.70 to the 224.0.1.1 multicast group address sntpcfg -s 224.0.1.1 -c 10.0.0.70

Broadcast-based time servers can be configured in a manner similar to that shown above. To configure a client for operation in active mode (with multicast- or broadcast-based servers), use the '-m active' option. Here's an example of configuration that allows the client to accept time updates (sent to the 10.0.0.255 broadcast address) from any one of four servers.

sntpcfg -s 10.0.0.255 -c "10.0.0.1 10.0.0.2 10.0.0.3 10.0.0.4"

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

17.3 sntp sntplog

Command Name

sntp sntplog - display SNTPv4 client state transition log

Syntax

sntplog

Parameters

None

Description

This command displays the contents of the state transition log in the time server.

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

17.4 sntp sntpsync

Command Name

sntp sntpsync - synchronize with the time server

Syntax

sntpsync

Parameters

None

Description

This command initiates a sync with the time server.

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

17.5 sntp sntpterm

Command Name

sntp sntpterm - terminate synchronization with the time server

Syntax

sntpterm

Parameters

None

Description

This command terminates an ongoing sync with the time server.

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

17.6 sntp sntptime

Command Name

sntp sntptime - display current time

Syntax

sntptime

Parameters

None

Description

This command displays the current time. The time returned is the sum of the last update received from the time server, and the elapsed interval since then (based on information extracted via the local clock).

Location

This command is provided by the SNTPv4 client module when USE_SNTP_V4 is defined.

18 SSH

ssh cfgfwds - Configure or display SSH forwarding parameters ssh config - display or modify SSH server configuration parameters ssh memstat - Display SSH server memory usage ssh netstat - displays SSH Server statistics and status ssh nosecurity - Allow/Disallow NULL authorization and security parameters

18.1 ssh cfgfwds

Command Name

ssh cfgfwds - Configure or display SSH forwarding parameters

Syntax

ssh cfgfwds [-p ] [-q ] [-r ] [-s ]

Parameters

(none) Command without arguments displays the current state of ssh forwarding parameters

-p lowest port number to be used for local port forwarding.

-q highest port number to be used for local port forwarding

-r lowest port number to be used for remote port forwarding.

-s highest port number to be used for remote port forwarding

Description

This command is used to configure or display SSH forwarding parameters

Location

This command is provided by the SSH server module when USE_SSH and SSH_MENUS are defined.

18.2 ssh config

Command Name

ssh config - display or modify SSH server configuration parameters

Syntax

ssh config [-a ] [-t ] [-v <"on" | "off">]

Parameters

(none) Command without arguments displays the current state of ssh configuration parameters

-a Integer: Maximum allowed authorization attempts.

-t Integer: Maximum allowed idle time during authorizations.

-v String: Turn ssh debug "on" or "off"

Description

This command displays or sets SSH configuration parameters

Location

This command is provided by the ssh module when USE_SSH and SSH_MENUS are defined.

18.3 ssh memstat

Command Name

ssh memstat - Display SSH server memory usage

Syntax

ssh memstat

Parameters

This command takes no arguements

Description

This command is used to to display SSH server memory usage

Notes/Status

SSH obtains memory from pre-configured SSH buffer pools. The memstat display shows:

The name of the memory pool. The size of each element in bytes The maximum number of elements that may be allocated in this pool The lowest number that were available at any time. The number of currently allocated elements in the pool (whether used or not).

Location

This command is provided by the SSH server module when USE_SSH and SSH_MENUS are defined.

18.4 ssh netstat

Command Name

ssh netstat - displays SSH Server statistics and status

Syntax

ssh netstat [-i ] [-l ]

Parameters

(none) Command without arguments displays statistics for all connections

-i Integer: Display statics for specified Client ID (Obtained with ssh netstat -l).

-l List active connections

Description

This command is used to display SSH Server statistics and status

Location

This command is provided by the SSH server module when USE_SSH and SSH_MENUS are defined.

18.5 ssh nosecurity

Command Name

ssh nosecurity - Allow/Disallow NULL authorization and security parameters

Syntax

ssh nosecurity [-a <"yes"|"no">] [-c <"yes"|"no">] [-c <"yes"|"no">] [-p <" yes"|"no">]

Parameters

(none) Command without arguments displays the current state of ssh NULL authorization and security parameters

-a Allows/disallows access without authorization.

-c Allows/disallows connections that do not use encryption.

-m Allows/disallows connections that do not use MAC integrity protection

-p Allows/disallows the use of passwords on connections without encryption.

Description

This command is intended for use during development and debugging. It enables/disables ssh server configuration parameters for permitting the use of NULL authorization and security

Notes/Status

This command is only available if ssh_globs.ssh_nosecurity_allowed was set at compile time Key files specified in the usertable cannot be used with the NULL cipher. If NONE_AUTH is allowed, key_files will be ignored. Otherwise an error will be returned if the entry for the user specifies a key file. Passwords specified in the usertable cannot be used with the NULL cipher unless ssh_globs. ssh_allow_pwd_with_none_cipher is set. If that parameter is set and NONE_AUTH is allowed, passwords in the usertable will be ignored. Otherwise an error will be returned if the entry for the user specifies a password.

Location

This command is provided by the SSH server module when USE_SSH and SSH_MENUS are defined.

19 Syslog

syslog netstat - display syslog statistics and status syslog sendtest - send test syslog message(s) syslog server - configure syslog server address syslog syslog - disable or enable syslog

19.1 syslog netstat

Command Name

syslog netstat - display syslog statistics and status

Syntax

syslog netstat -a

Parameters

-a Display all statistics for the syslog client module.

Description

This command displays statistics associated with the syslog client module.

Location

This command is provided by the syslog client module when INICHE_SYSLOG is defined.

19.2 syslog sendtest

Command Name

syslog sendtest - send test syslog message(s)

Syntax

syslog sendtest -f STRING -s STRING -m STRING

Parameters

-m Argument of type STRING, indicating message, a mandatory parameter

-f Argument of type STRING, indicating facility

-s Argument of type STRING, indicating severity

Description

This command sends a test message to syslog server.

Location

This command is provided by the syslog client module when INICHE_SYSLOG is defined.

19.3 syslog server

Command Name

syslog server - configure syslog server address

Syntax

syslog server {-i <0 | 1 | 2>} {-s }

Parameters

-i index of slot in syslog server address table.

-s IPv4 or IPv6 address of syslog server.

Description

This command updates the syslog server table with a new IPv4 or IPv6 address.

Location

This command is provided by the syslog client module when INICHE_SYSLOG is defined.

19.4 syslog syslog

Command Name

syslog syslog - disable or enable syslog

Syntax

syslog syslog -d -e -t

Parameters

-d Disables Syslog function

-e Enables Syslog function

-t Toggles Syslog function (If enabled disables it and if disabled enables it)

Description

This command Enables Or Disables Or Toggles the Syslog Function.

Location

This command is provided by the syslog client module when INICHE_SYSLOG is defined.

20 System

cbadd - add chained buffer pool cbdel - Set aside the buffers from a pool of chained buffers or delete the entire pool call - call a command script config - Set the CLI configuration echo - echo a string through current GIO context help - display information about a command sleep - pause for a specified number of seconds or ticks arp - Display ARP statistics buffers - list chained buffer and socket statistics bufstat - Display packet buffer statistics debug - set the IP stack trace level dtrap - Execute the dtrap() function dyniface - Dynamic Interface Command gratarp - Send a gratuitous ARP request/reply halt - Stop NicheStack execution iface - Display network interface information linkstats - Display link-specific information net mbufs - Display mbuf pool statistics and mbuf lists net netstat - display operational statistics ping - Send ICMP requests queues - Display NicheStack packet queues route - add/delete/print IP route table entry setip - manually set IPv4 or IPv6 address information status - display system status tcpecho - Start a tcp echo client request tesvr - Control the TCP echo server udpecho - Start, stop, or provide status for a udp echo client request uesvr - Start or stop the UDP echo server user - Access or modify user table

20.1 chainbuff cbadd

Command Name

cbadd - add chained buffer pool

Syntax

cbadd -n number -s size -r number

Parameters

-n Argument of type int, total number of buffers in this pool

-s Argument of type int, size of each buffer in this pool

-r Argument of type int, restore: number of buffers to add back from those previously set aside via the cbdel command

Description

Add a new chained buffer queue.

Sample use:

cbadd -s 512 -n 30

Notes/Status

cbadd -s xx -n xx will fail if a pool of buffers of that size already exists. To add more buffers to a pool, you must first delete the pool and then create the pool again. When a chain buffer pool of -n is created, the command will also add a region containing -n X MBUF_PERCENT mbufs . If a pool if size buffers does exist, and at least number buffers have been previously "set aside" (see command 'cbdel') this command returns the requested number of buffers to the pool for allocation. If no number parameter is given with -r option, all buffers on the delete/set-aside queue of the specified size will be restored. -n and -r cannot be used in the same command.

Location

This command is provided by the chainedbuff module when CHAINED_BUFFERS and INCLUDE_CLI are defined.

20.2 chainbuff cbdel

Command Name

cbdel - Set aside the buffers from a pool of chained buffers or delete the entire pool

Syntax

cbdel -s size [-n number]

Parameters

-s size Argument of type int, indicating size in bytes of each buffer in the pool

-n number Argument of type int, indicating number of buffers to delete from the allocation pool.

Description

Artifically reduce the size of a chained buffer pool by setting aside the specified number of buffers, or delete the entire pool.

Sample use:

cbdel -s 512 -n 10

Notes/Status

If -n option is not provided, this command frees the region of the heap containing the buffers and also the mbufs associated with that pool. If -n option is provided and sufficient buffers exist in the pool, this command will "set aside" number buffers, thereby artifically reducing the pool of buffers available for allocation. If the value of the -n option always specifies the total number of buffers to be set aside. If it is less than the number previously set aside, then some buffers will be restored. If it is larger than the number previously set aside, then more buffers will be set aside until the total reaches the specified value

Location

This command is provided by the chainedbuff module when CHAINED_BUFFERS and INCLUDE_CLI are defined.

20.3 cli call

Command Name

call - call a command script

Syntax

call -s STRING [-i] [-o] [-x]

Parameters

-s Script file name

-i Suppress echoing script lines to the output stream

-o Suppress all output

-h Terminate script processing if an error is encountered

Description

This command reads lines from a script file and passes them on to the Command Line Interpreter. The lines of the script file may optionally be echoed to the output stream (normally the Console). Output resulting from the execution of the CLI commands may optionally be suppressed. Commands are executed until the input stream reaches end-of-file, at which time the previous input stream is restored. Script files may invoke other script files.

Notes/Status

Script files may invoke other script files

Location

This command is provided by the CLI module when INCLUDE_CLI is defined.

20.4 cli config

Command config

config - Set the CLI configuration

Syntax

config [-p STRING]

Parameters

-p Argument of type STRING, specifying the new CLI prompt string

Description

The command sets the CLI prompt string for the current CLI context and any subsequent CLI contexts.

Notes/Status

The prompt string is limited to a maximum of CLI_PROMPT_LEN characters. The command can be called by the boot_rc script.

Location

This command is provided by the CLI module when INCLUDE_CLI is defined.

20.5 cli echo

Command Name

echo - echo a string through current GIO context

Syntax

echo -s STRING

Parameters

-s the string which is to be echoed to gio's current output device

Description

Copies the string to the current output stream. Primarily used in web scripts for inserting "canned" messages into the output stream.

Notes/Status

If the string includes spaces, the string must be enclosed in single quotes, double quotes, or parentheses. This command can be called by the boot_rc script.

Location

This command is provided by the CLI module when INCLUDE_CLI is defined.

20.6 cli help

Command Name

help - display information about a command

Syntax

help [-m STRING] [-c STRING]

Parameters

-m Menu group name

-c Command name

Description

This command provides helpful information about the CLI commands. If no parameters are entered, the list of available menu groups and the commands within each menu group is displayed. If a menu group is specified, information about the menu group and its commands are displayed. If a command is specified, information about the command is displayed. If the command name is a present in more than one menu group, the menu group name must also be specified to remove any ambiguity.

Notes/Status

"help -m foo -c bar" is equivalent to "foo bar ?". Entering "?" is equivalent to entering "help".

Location

This command is provided by the CLI module when INCLUDE_CLI is defined.

20.7 cli sleep

Command Name

sleep - pause for a specified number of seconds or ticks

Syntax

sleep [ -s UINT | -t UINT ]

Parameters

-s the number of seconds to sleep.

-t the number of cticks to sleep.

Description

Suspends the caller for the requested number of seconds or cticks.

Notes/Status

Both '-s' and '-t' cannot be specified.

Location

This command is provided by the CLI module when INCLUDE_CLI is defined.

20.8 net arp

Command arp

arp - Display ARP statistics

Syntax

arp [-z]

Parameters

-z Reset the ARP statistics to zero

Description

This command displays the ARP table and the ARP statistics. If '-z' is specified, the statistics are reset to zero after they are displayed.

Location

This command is provided by the DIAG module when NET_STATS is defined.

20.9 net buffers

Command Name

buffers - list chained buffer and socket statistics

Syntax

buffers [-a] [-q UINT] [-o UINT] [-l UINT] [-s]

Parameters

-a List all buffer and socket statistics

-q Buffer queue to list. Queue is one of those defined by the in_bufq[] array in userdata.c, e.g., 128, 512. (default: 0 = "all buffers")

-o Offset into buffer to begin data dump (default: 0)

-l Number of bytes to dump (default: 14)

-s List socket statistics

Description

This command displays the current status of the selected chained buffers.

Notes/Status

The packet buffer information may not accurately reflect packets that are currently being processed.

Location

This command is provided by the NET module when PKTLOG is defined.

20.10 net bufstat

Command bufstat

bufstat - Display packet buffer statistics

Syntax

bufstat

Parameters

None

Description

Displays packet buffer statistics.

Notes/Status

Should this command be rolled into a 'netstat' command?

Location

This command is provided by the DIAG module when INCLUDE_CLI is defined.

20.11 net debug

Command debug

debug - set the IP stack trace level

Syntax

debug [ [-d] | [-e] | [-n UINT] ]

Parameters

-d disable IP stack tracing

-e enable default IP stack trace levels

-n Argument of type UINT, specifying the IP stack trace levels

Description

NicheStack includes code to trace the progress of network packets as they move through the various levels of the stack. This command controls which levels of the stack display trace information.

The '-n' parameter is a bitmask specifying which levels of the IP stack (i.e. protocol, transport, internet, application, etc.) will display trace information. The bits are defined in the file, h/net.h. If '-d' is specified, IP stack tracing is disabled (equivalent to '-n 0'). If '-e' is specified, IP stack tracing is enabled for the default IP stack trace levels; general, protocol, transport, and internet (equivalent to '- n 0x314').

Notes/Status

Only available if NPDEBUG is defined.

Location

This command is provided by the DIAG module when INCLUDE_CLI and NPDEBUG are defined.

20.12 net dtrap

Command dtrap

dtrap - Execute the dtrap() function

Syntax

dtrap

Parameters

None

Description

This command calls the NicheStack dtrap() function. The dtrap() function is a "port dependent" mechanism which allows users to interrupt the execution of NicheStack and pass control to a debugger process.

Notes/Status

This command is "port dependent."

Location

This command is provided by the DIAG module when NPDEBUG is defined.

20.13 net dyniface

Command Name

dyniface - Dynamic Interface Command

Syntax

dyniface [-c ] | [-l]

dyniface -n [-d]| [-e] | [-r]

Parameters

-c Create interface of type specified by string

-l List interfaces

-n Interface name

-d Disable interface named with -n option

-e Enable interface named with -n option

-r Remove/delete interface named with -n option

Description

This command is used to create or remove a dynamic interface. It can also be used to list all interfaces or to enable or disable an interface

Notes/Status

The type string for the -c option must be either "ppp", or "lo" A dynamic interface is disabled when it is created. A dynamically created ppp interface must be configured before it is enabled (See plnkcfg and setip commands) Only a dynamically created interface can be removed (-r), and it must be disabled before it can be removed The API function, ni_create(), has additional options not supported by this CLI command. See the NicheStack Reference Manual for details.

Location

This command is provided when DYNAMIC_IFACES and INCLUDE_CLI are defined

20.14 net gratarp

Command

gratarp - Send a gratuitous ARP request/reply

Syntax

gratarp -i UINT -r

Parameters

-i Argument of type UINT, indicating the index of the network interface to use send the ARP packet.

-r (no parameter), if present, sends a gratuitous ARP reply, otherwise sends a gratuitous ARP request.

Description

This command sends a gratuitous ARP packet. The '-i' parameter selects the network interface to be used. A gratuitous ARP request packet is sent unless the '-r' parameter is present, in which case a gratuitous ARP reply packet is sent.

Location

This command is provided by the ARP module.

20.15 net halt

Command halt

halt - Stop NicheStack execution

Syntax

halt

Parameters

None

Description

This command stops NicheStack execution. Execution passes to the process that started NicheStack.

Notes/Status

Th command calls the "port dependent" function, netexit().

Location

This command is provided by the NET module when INCLUDE_CLI is defined.

20.16 net iface

Command Name

iface - Display network interface information

Syntax

iface [-i UINT [-m UINT]]

Parameters

-i Network Interface number.

-m The maximum transmission unit of a Network Interface.

Description

This command displays information about the specified Network Interface. If '-i' is not specified, the list of available Network Interfaces is displayed.

The value of the '-m' is used to set the maximum transmission unit of the selected interface. Valid values are 128 to 65535. Care must be taken when setting the value to ensure that the value matches the capabilities of the underlying hardware.

Notes/Status

The first Network Interface number is 1.

Location

This command is provided by the NET module when INCLUDE_CLI is defined.

20.17 net linkstats

Command Name

linkstats - Display link-specific information

Syntax

linkstats -i INT

Parameters

-i Network Interface number.

Description

This command displays Link information for the specified Network Interface. The Link information is device-specific, and is provided by the implementor of the Network Interface device driver.

Notes/Status

The first Network Interface number is 1.

Location

This command is provided by the NETMAIN module when INCLUDE_CLI is defined.

20.18 net mbufs

Command Name

net mbufs - Display mbuf pool statistics and mbuf lists

Syntax

net mbufs -l

Parameters

-l This parameter is optional. With the parameter the command displays mbuf lists and mbuf statistics.

Description

This command with the parameter l displays mbuf pool statistics and mbuf lists and without the parameter displays only mbuf pool statistics.

Location

This command is provided by the net module when INCLUDE_CLI is defined.

20.19 net netstat

Command Name

net netstat - display operational statistics

Syntax

netstat -a {-c [-p ]} -m -q {-s [-p ]}

Parameters

- display status information about all protocols or modules. a

- display status information about TCP or UDP sockets. c

- Argument takes no parameter and returns help message for this command h

- display status information about mbufs. m

- specify network protocol (ICMP ("icmp"), ICMPv6 ("icmp6"), IP ("ip"), IPv6 ("ip6"), TCP ("tcp" or p "tcp6"), and UDP ("udp" or "udp6")) for which information is being requested.

- display status information about the TCP/IP stack's receive queue. q

- display statistics for specified network protocol. s

Description

This command displays status information for various network protocols or modules.

Notes/Status

The protocol names can be specified in either lowercase or uppercase. The -p option is only intended for use with either the -c option or the -s option. For the ICMPv6 protocol, the user can also enter an identifier with the -i option to specify the interface for which ICMPv6 statistics are desired. Here's an example invocation: "net netstat -s -p icmp6 -i 1". The existing code does not provide any mechanism to dump ICMPv6 statistics for multiple interfaces via one CLI command. The protocol names "tcp6" and "udp6" can be used with only the -c and -p options to display TCP /IPv6 and UDP/IPv6 sockets respectively. When the -c option is used without a -p option, this command will display information about sockets for all protocols. When the -s option is used without a -p option, this command will display statistics for all protocols. The TCP and UDP modules provide a unified set of statistics for IPv4 and IPv6.

Location

This command is provided by the base TCP/IP stack. Statistics information is only provided when NET_STATS is defined. IPv6-related information is only provided if IPv6 support is included in the build.

20.20 net ping

Command Name

ping - Send ICMP requests

Syntax

ping (-a | -h ) [-l ] [-n ] [-t ]

ping -h -v

ping -k

ping -s

Parameters

-a IPv4/6 addr

-h Host name

-l Length of packets. Default = 64 bytes

-n Number of pings. Default = 5

-t Interval between pings in ticks. Default = TPS. Minimum = 2 ticks.

-k Kill ping request specified by Session ID

-s Print cumulative ping statistics

-v INT: 4=IPv4, 6=IPv6. Required only when Dual stack

Description

This command sends an ICMP echo requests in either IPv4 or IPv6 format. It verifies that the data in the responses exactly matches the data in the request and reports any mismatches. Multiple ping requests can be entered while the earlier requests are in progress.

Notes/Status

The -a and -h options are mutually exclusive. For IPv6 link local addresses on MULTI_HOMED systems, the -a parameter must in include the scope ID. The -k and -s options must be used by themselves The session ID argument for the -k option is printed when the ping request is started Some echo servers limit the length of responses. The returned messages will be truncated to that length. ping depends on the DNS server addresses being loaded (setdnssvr command). Please turn on the following in ipport.h_h - DNS_CLIENT, PING_APP, and optionally PING_VERBOSE

Location

This command is provided by the DIAG module when PING_APP is defined

20.21 net queues

Command queues

queues - Display NicheStack packet queues

Syntax

queues

Parameters

-z (no parameter). Resets all queues' min and max threshholds to their current values.

Description

This command displays the current status of various resource queues. These queues include the receive packet queue (rcvdq), free packet queues (cb-#), the free mbuf queue (mfreeq) and the 'inuse' mbuf queue (mbufq).

Sample Output:

-> queues Packet buffer free queues, total packets:120 (99840 bytes) cb-1 Q0128: size:7680, head:00A5A9FC, tail:00A5A96C, len:60, min:57, max:60 cb-2 Q1536: size:92160, head:00A5E784, tail:00A5E73C, len:60, min:52, max:60 mfreeq: head:00A5D82C, tail:00A5D804, len:120, min:118, max:120 mbufq: head:00000000, tail:00000000, len:0, min:0, max:2 rcvdq: head:00000000, tail:00000000, len:0, min:0, max:3

Location

This command is provided by the net module.

20.22 net route

Command Name

route - add/delete/print IP route table entry

Syntax

route {-a -d -m -n } | {-x -d -m -i } | {-p -v 4}

Parameters

-a Add IP route

-d Destination address associated with route

-i Interface identifier

-m Subnet mask associated with route

-n IP address of next hop associated with route

-p Print IP route table

-v Version number of IP

-x Delete IP route

Description

This command can be used to add or delete an entry from the IP routing table. It can also be used to print the entire routing table.

Notes/Status

This command currently only supports IPv4 routes. The interface identifier is one-based (and not zero-based). The -v option must specify 4 to indicate that the user intends to dump the IPv4 routing table.

Location

This command is provided by the IP routing module when IP_ROUTING is defined.

20.23 net setip

Command Name

setip - manually set IPv4 or IPv6 address information

Syntax

setip -i INT [-a IPADDR] [-s IPADDR] [-g IPADDR] [-m MACADDR] [-d IPADDR] [[-o | -r] -p STRING]

Parameters

- Network Interface's IPv4 or IPv6 address. a

- Network Interface's IPv6 address. d

- Network Interface's IPv4 gateway address. g

- Network Interface number. i

- Obtain an IPv4 address using the specified protocols (e.g., DHCP ("dhcpc"), auto-configuration o ("autoip")).

- Set of address protocols to be used on the link (e.g., "dhcpc" (DHCP only), "autoip" (auto- p configuration only), "dhcpc,autoip" (DHCP or auto-configuration)).

- Terminate the use of the specified address protocols on the link, and relinquish address r obtained thru' them.

- Network Interface's IPv4 subnet mask. s

Description

This command configures a Network Interface. The '-i' parameter selects the Network Interface to configure. The user can set the IPv4 address, network submask, gateway IP address, and the Ethernet (i.e. MAC) address. IP address are specified in the format: NNN.NNN.NNN.NNN, where NNN can range from 0 to 255. The format: NNN.NNN, is shorthand for NNN.0.0.NNN. The Ethernet address has the format: XX:XX:XX:XX:XX:XX, where XX is a 2-digit hexadecimal value from 00 to FF.

The '-a' parameter will also accept an IPv6 address in the form XXXX:XXXX:XXXX:XXXX:XXXX: XXXX:XXXX:XXXX. The setip command may be used repeatedly to add more than one IPv6 unicast address.

The '-d' parameter will accept an IPv6 address to delete from the interface. The setip command may be used repeatedly to delete more than one IPv6 unicast address.

Changes to the Network Interface configuration are performed immediately; open connections are not flushed or closed. Setting the MAC address should only be done during network initialization. If no parameters are specified, the current IPv4 configuration settings are displayed.

Notes/Status

When both DHCP and auto-configuration are specified on a link, the system first attempts to obtain an address via DHCP. Setting incorrect values may cause the network interface to become unusable. This command can be called by the boot_rc script. Example invocation sequences: 1. configure a static IPv4 address

setip -i 1 -a 10.0.0.112 -s 255.255.255.0 -g 10.0.0.1

2. configure interface #1 to obtain an IPv4 address via DHCP

setip -i 1 -o -p dhcpc

3. configure interface #1 to obtain an IPv4 address via auto-configuration

setip -i 1 -o -p autoip

4. configure interface #1 to obtain an IPv4 address via DHCP or auto-configuration in this case, the system first attempts to obtain an address via DHCP. If that fails, it auto- configures itself with an address in the range from 169.254.1.0 to 169.254.254.255.

setip -i 1 -o -p dhcpc,autoip

5. terminate the use of DHCP on interface #1, and release address obtained via that protocol. If auto-configuration was previously configured, the system will attempt to obtain an address via that protocol. Otherwise, it will revert to the previously configured static IPv4 address.

setip -i 1 -r -p dhcpc

Location

This command is provided by the NET module when INCLUDE_CLI is defined.

20.24 net status

Command Name

status - display system status

Syntax

status [-a] [-i] [-m] [-q] [-s] [-t]

Parameters

-a Display all. Equivalent to: -i -m -q -s -t

-i Display IP MIB information.

-m Display MBuf information.

-q Display packet queue information.

-s Display system status information.

-t Display task information.

Description

This command displays information about various NicheStack components.

Notes/Status

The '-m' option is only available if INCLUDE_TCP is defined.

Location

This command is provided by the NETMAIN module when INCLUDE_CLI is defined.

20.25 net tcpecho

Command Name

tcpecho - Start a tcp echo client request

Syntax

net tcpecho{ -a | -c | -s } [-l < reqlen>] [-n ] [-p ] [-t ]

Parameters

-a IPv4/6 address of echo server

-c Used to close an echo request that is in progress

-s Display cumulative echo statistics

-l Total number of bytes in each echo request (default = 256)

-n Number of requests (default = 1)

-p Port on server. Default = 7, the standard echo port

-t Number of ticks between each echo request (default = 0)

Description

Starts a TCP echo request. Sends a total number of bytes equal to reqlen * number of requests. Request data consists of 32-bit values. The values start at 0 at the beginning of the command and then continuously increment across all requests in the command. Each byte in the echoed responses are compared with the values expected. When the client has recieved echo responses for all of the echo requests, then the command will complete and the socket will be closed.

Notes/Status

For IPv6 link local addresses on MULTI_HOMED systems, the -a parameter must in include the scope ID. The -l parameter (reqlen) cannot be larger than ECHOBUFSIZE, which is compiled as TCP_SEND_SPACE - 64 The output for the -s parameter (statistics) will only include a BPS calculation if the -t parameter (delay)is 0. The defaults for TCP echo requests are defined at the top of tcpecho. The tesvr command must be used to open the TCP Echo Server.

Location

This command is provided by the DIAG module when TCP_ECHOTEST and TCPECHO_MENUS are defined, and tcp_echo.$(OBJ) is in the list of OBJS in the misclib makefile

20.26 net tesvr

Command Name

tesvr - Control the TCP echo server

Syntax

diag tesvr { -o | -c | -s } [-i ] [-p ]

Parameters

-o Open/start the echo server

-c Close the echo server

-s Display cumulative echo server statistics

-i Interface to listen on (Default = nd0)

-p Port on which to listen. Default = 7, the standard echo port

Description

Control or display statistics for the TCP echo server. For dual stacks (IP_V4 and IP_V6 both defined), the echo server will automatically open two listen sockets, one for each protocol. The echo server can handle only one client at a time.

Location

This command is provided by the DIAG module when TCP_ECHOTEST and TCPECHO_MENUS are defined, and tcp_echo.$(OBJ) is in the list of OBJS in the misclib makefile

20.27 net udpecho

Command Name

udpecho - Start, stop, or provide status for a udp echo client request

Syntax

net udpecho { -a | -c | -s } [-q] [-l < reqlen>] [-n ]

Parameters

-a IPv4/6 address of echo server

-c Used to close an echo command that is in progress

-s Displays server status and stats for current/last client command

-l Total number of bytes in each echo request (default = 64)

-n Number of requests (default = 4)

-q Don't report as each response is received

Description

Starts, stops, or provides status for a udp echo client request. Sends a total number of bytes equal to reqlen * number of requests. Request data consists of 32-bit values. There is no byte order conversion. For each packet the values start at 0 and increment thoughout the packet. For packet sizes not divisable by 4, a partial value is written. Each byte in the echoed response is compared with the value expected. When the client has recieved responses to all requests, the command will complete and buffers will be released.

Notes/Status

For IPv6 link local addresses on MULTI_HOMED systems, the -a parameter must in include the scope ID. The defaults for UDP echo requests are defined at the top of udp_echo.c. There will be a delay of UECHO_DFTPKTDELAY ticks between the sending of each echo request. The -l parameter (reqlen) cannot be larger than UECHO_MAXPKTLENGTH The command will stop if there are UECHO_MAXCMPERRs. When looking for software bugs, it may be useful to set UECHO_MAXCMPERR to one and add a dtrap() at the point where an error is found. The udpecho command only works with the NicheStack UDP echo server. The uesvr command must be used to start the UDP Echo Server.

Location

This command is provided by the DIAG module when UDP_ECHOTEST and UDPECHO_MENUS are defined, and udp_echo.$(OBJ) is in the list of OBJS in the misclib makefile

20.28 net uesvr

Command Name

uesvr - Start or stop the UDP echo server

Syntax

diag uesvr -o | -c

Parameters

-o Open/start the echo server

-c Close the echo server

Description

Starts or stops the UDP echo server. For dual stacks (IP_V4 and IP_V6 both defined), the echo server will automatically open two UDP echo listening connections, one for each protocol. The server can handle multiple simultaneous clients using either IPv4 or IPv6

Location

This command is provided by the DIAG module when UDP_ECHOTEST and UDPECHO_MENUS are defined, and udp_echo.$(OBJ) is in the list of OBJS in the misclib makefile

20.29 net user

Command Name

user - Access or modify user table

Syntax

user [-a | -c] -u U [-p P] [-m M] [-r] [-z Z] user -d -u U user -l user -s

Parameters

- Add entry in user table a

- Change existing entry in user table c

- Delete entry in user table d

- List (dump) entire user table l

- Add (OR-in) appcode bit(s) specified by string M to entry for specified user. m

- Set password P in entry for specified user p P

- For specified user, replace (vs. OR-in) appcode and permission fields with: m M z Z r

- Parameter S is one of the strings "TRUE" or "FALSE". It could be used to toggle whether or not s the user table will be saved in file system. Implementation has been left to the porting engineer S

- username U for -a -c or -d commands u

- Add (OR-in) permission bit(s) Z to entry for specified user. z Z

Description

Used to add or modify entries in the user table. At initialization, entries in the user table can be added via commands in a script file. No module should directly access or modify the user table. Modules should use the "user" command or call the available (non-STATIC) functions in userpass.c or user_nt.c

Notes/Status

The -l option is only available if NPDEBUG is defined. The M argument is the string "all" or a comma separated list of modules (applications) for which the user entry is valid. For example, if the entry for username "root" only has the FTP bit set, then "root" is not a valid user name for any other module. Currently the individual module names in the list of modules must be one of the following: ftp, telnet, http, or ppp The only currently defined permissions are PERMISSIONS_ALL (0xFFFFFFFF). This field is available for the porting engineer. An error will be returned for the change (-c) command if the entry does not exist. With the add (- a) command, an error will be returned if the entry already exists, unless password parameter exactly matches the password entry in the table. In that case, the specified module and permission bits will be ORed-in to the existing entry. A username can only have one entry in the user table. With the change (-c) command, the values for the M and Z arguments will be ORed into the existing values of the fields in the user table, unless -r is specified. In that case the values for the M and Z arguments will replace the values in the existing entry. Only the username argument should be given for the delete (-d) command. No other arguments should be given with the list (-l) command.

21 TFTP

get - Get a file from a remote TFTP server netstat - Display TFTP statistics put - Put a file to a remote TFTP server tfsrv - Manage the state of the TFTP Server

21.1 tftp get

Command get

get - Get a file from a remote TFTP server

Syntax

get -a IPADDR [-i] -s STRING [-d STRING]

Parameters

-a IP address of the remote TFTP server

-i Transfer data in IMAGE mode

-s Source file name

-d Destination file name

Description

The TFTP Client transfers a file from the remote TFTP Server. The '-s' parameter specifies the name of the file on the remote site. The '-d' parameter specifies the name of the file on the local site. If '- d' is omitted, the destination file name is the same as the source file name. The transfer mode can be either ASCII or IMAGE.

Transfer statistics are displayed upon completion of the file transfer.

Notes/Status

The local file system must be writable. The transfer mode is ASCII unless '-i' is present.

Location

This command is provided by the TFTP module when TFTP_CLIENT is defined.

21.2 tftp netstat

Command netstat

netstat - Display TFTP statistics

Syntax

netstat [-a]

Parameters

-a Display all TFTP Server and Client statistics

Description

This command displays information about the state of the TFTP Server and the state of all active TFTP transfers.

Location

This command is provided by the TFTP module when TFTP_SERVER or TFTP_CLIENT is defined.

21.3 tftp put

Command put

put - Put a file to a remote TFTP server

Syntax

put -a IPADDR [-i] -s STRING [-d STRING]

Parameters

-a IP address of the remote TFTP server

-i Transfer data in IMAGE mode

-s Source file name

-d Destination file name

Description

The TFTP Client transfers a file to the remote TFTP Server. The '-s' parameter specifies the name of the file on the local site. The '-d' parameter specifies the name of the file on the remote site. If '-d' is omitted, the destination file name is the same as the source file name. The transfer mode can be either ASCII or IMAGE.

Transfer statistics are displayed upon completion of the file transfer.

Notes/Status

The transfer mode is ASCII unless '-i' is present.

Location

This command is provided by the TFTP module when TFTP_CLIENT is defined.

21.4 tftp tfsrv

Command tfsrv

tfsrv - Manage the state of the TFTP Server

Syntax

tfsrv [ -e | -d | -t ]

Parameters

-e Set the TFTP Server state to ON

-d Set the TFTP Server state to OFF

-t Toggle the TFTP Server state between ON and OFF

Description

This command controls the operational state of the TFTP Server. A TFTP Client application can only communicate with the TFTP Server if the TFTP Server is in the ON state.

The '-e' and '-d parameters force the TFTP Server into the ON and OFF states, respectively. The '- t' parameter toggles the TFTP Server's state.

Notes/Status

'-e', '-d', '-t' are mutually exclusive. The default action is to toggle the TFTP Server state. The TFTP Server state is intialized to OFF.

Location

This command is provided by the TFTP module when TFTP_SERVER is defined.

22 Telnet

exit - Terminate a Telnet session logout - Terminate a Telnet session netstats - Display Telnet options and/or statistics

22.1 telnet exit

Command exit

exit - Terminate a Telnet session

Syntax

exit

Parameters

none

Description

This command terminates a Telnet session.

Notes/Status

The exit and logout commands are functionally equivalent. This command is only valid within a Telnet session.

Location

This command is provided by the Telnet module when TELNET_SVR is defined.

22.2 telnet logout

Command logout

logout - Terminate a Telnet session

Syntax

logout

Parameters

none

Description

This command terminates a Telnet session.

Notes/Status

The exit and logout commands are functionally equivalent. This command is only valid within a Telnet session.

Location

This command is provided by the Telnet module when TELNET_SVR is defined.

22.3 telnet netstat

Command netstats

netstat - Display Telnet options and/or statistics

Syntax

netstat [-o] [-s]

Parameters

-o Display the option settings for each Telnet session

-s Display the session statistics for each Telnet session

Description

This command displays information about each open Telnet session. If '-o' is specified, the state of the negotiated options are displayed. If '-s' is specified, session statistics are displayed. Specifying no parameters is equivalent to '-o -s'.

Notes/Status

If no parameters are specified, both options and statistics are displayed.

Location

This command is provided by the Telnet module when TELNET_SVR is defined.

23 Virtual File System

attribute - set or clear VFS file attributes vfs delete - Delete a VFS file directory - display a directory listing vfs read - Copy a VFS file to the output device

23.1 vfs attribute

Command Name

attribute - set or clear VFS file attributes

Syntax

attribute -f F [-c C] [-s S]

Parameters

-f F file name

-c C flags to clear: String of unseparated characters, e.g., "SWN"

-s S flags to set: String of unseparated characters, e.g., "SWN"

Description

Set or clear VFS file attributes.

Notes/Status

The following characters represent flags that can be used to set or clear the attributes of a VFS file:

H File has been HTML compressed

B Access to file requires BASIC authentication

S Access to file requires MD5 authentication

M File is a MAPFILE

W File is writable

N File data should be copied to non-volatile storage on close

Location

This command is provided by the VFS module when USE_VFS, VFS_MENUS, and VFS_RWFILES are defined.

23.2 vfs delete

Command Name

vfs delete - Delete a VFS file

Syntax

vfs delete -f F

Parameters

-f F String: File name

Description

This command is used to delete a VFS File.

Notes/Status

The -f (filename) option is required

Location

This command is provided by the VFS module when USE_VFS, VFS_MENUS, and VFS_RWFILES are defined.

23.3 vfs directory

Command Name

directory - display a directory listing

Syntax

directory [ -o ]

Parameters

-o Only list files that are open

Description

Lists the files in the current directory. If '-o' is present, only list the files that are currently open.

Notes/Status

This output of this command is dependent upon the underlying file system implementation.

Location

This command is provided by the VFS module when VFS_FILES is defined.

23.4 vfs read

Command Name

vfs read - Copy a VFS file to the output device

Syntax

read -f F

Parameters

-f F String: File name

Description

This command is used to copy a VFS file to the output device.

Notes/Status

The -f (filename) option is required

Location

This command is provided by the VFS module when USE_VFS and VFS_MENUS are defined.